diff -r 490d5cc509ed -r cf61fcea0001 wp/wp-includes/functions.php --- a/wp/wp-includes/functions.php Tue Jun 09 11:14:17 2015 +0000 +++ b/wp/wp-includes/functions.php Mon Oct 14 17:39:30 2019 +0200 @@ -78,6 +78,8 @@ * * @since 0.71 * + * @global WP_Locale $wp_locale + * * @param string $dateformatstring Format to display the date. * @param bool|int $unixtimestamp Optional. Unix timestamp. Default false. * @param bool $gmt Optional. Whether to use GMT timezone. Default false. @@ -89,13 +91,7 @@ $i = $unixtimestamp; if ( false === $i ) { - if ( ! $gmt ) - $i = current_time( 'timestamp' ); - else - $i = time(); - // we should not let date() interfere with our - // specially computed timestamp - $gmt = true; + $i = current_time( 'timestamp', $gmt ); } /* @@ -104,15 +100,13 @@ */ $req_format = $dateformatstring; - $datefunc = $gmt? 'gmdate' : 'date'; - if ( ( !empty( $wp_locale->month ) ) && ( !empty( $wp_locale->weekday ) ) ) { - $datemonth = $wp_locale->get_month( $datefunc( 'm', $i ) ); + $datemonth = $wp_locale->get_month( date( 'm', $i ) ); $datemonth_abbrev = $wp_locale->get_month_abbrev( $datemonth ); - $dateweekday = $wp_locale->get_weekday( $datefunc( 'w', $i ) ); + $dateweekday = $wp_locale->get_weekday( date( 'w', $i ) ); $dateweekday_abbrev = $wp_locale->get_weekday_abbrev( $dateweekday ); - $datemeridiem = $wp_locale->get_meridiem( $datefunc( 'a', $i ) ); - $datemeridiem_capital = $wp_locale->get_meridiem( $datefunc( 'A', $i ) ); + $datemeridiem = $wp_locale->get_meridiem( date( 'a', $i ) ); + $datemeridiem_capital = $wp_locale->get_meridiem( date( 'A', $i ) ); $dateformatstring = ' '.$dateformatstring; $dateformatstring = preg_replace( "/([^\\\])D/", "\\1" . backslashit( $dateweekday_abbrev ), $dateformatstring ); $dateformatstring = preg_replace( "/([^\\\])F/", "\\1" . backslashit( $datemonth ), $dateformatstring ); @@ -130,7 +124,7 @@ if ( $timezone_string ) { $timezone_object = timezone_open( $timezone_string ); $date_object = date_create( null, $timezone_object ); - foreach( $timezone_formats as $timezone_format ) { + foreach ( $timezone_formats as $timezone_format ) { if ( false !== strpos( $dateformatstring, $timezone_format ) ) { $formatted = date_format( $date_object, $timezone_format ); $dateformatstring = ' '.$dateformatstring; @@ -140,10 +134,10 @@ } } } - $j = @$datefunc( $dateformatstring, $i ); + $j = @date( $dateformatstring, $i ); /** - * Filter the date formatted based on the locale. + * Filters the date formatted based on the locale. * * @since 2.8.0 * @@ -157,32 +151,95 @@ } /** - * Convert integer number to format based on the locale. + * Determines if the date should be declined. + * + * If the locale specifies that month names require a genitive case in certain + * formats (like 'j F Y'), the month name will be replaced with a correct form. + * + * @since 4.4.0 + * + * @global WP_Locale $wp_locale + * + * @param string $date Formatted date string. + * @return string The date, declined if locale specifies it. + */ +function wp_maybe_decline_date( $date ) { + global $wp_locale; + + // i18n functions are not available in SHORTINIT mode + if ( ! function_exists( '_x' ) ) { + return $date; + } + + /* translators: If months in your language require a genitive case, + * translate this to 'on'. Do not translate into your own language. + */ + if ( 'on' === _x( 'off', 'decline months names: on or off' ) ) { + // Match a format like 'j F Y' or 'j. F' + if ( @preg_match( '#^\d{1,2}\.? [^\d ]+#u', $date ) ) { + $months = $wp_locale->month; + $months_genitive = $wp_locale->month_genitive; + + foreach ( $months as $key => $month ) { + $months[ $key ] = '# ' . $month . '( |$)#u'; + } + + foreach ( $months_genitive as $key => $month ) { + $months_genitive[ $key ] = ' ' . $month . '$1'; + } + + $date = preg_replace( $months, $months_genitive, $date ); + } + } + + // Used for locale-specific rules + $locale = get_locale(); + + if ( 'ca' === $locale ) { + // " de abril| de agost| de octubre..." -> " d'abril| d'agost| d'octubre..." + $date = preg_replace( '# de ([ao])#i', " d'\\1", $date ); + } + + return $date; +} + +/** + * Convert float number to format based on the locale. * * @since 2.3.0 * - * @param int $number The number to convert based on locale. - * @param int $decimals Optional. Precision of the number of decimal places. Default 0. + * @global WP_Locale $wp_locale + * + * @param float $number The number to convert based on locale. + * @param int $decimals Optional. Precision of the number of decimal places. Default 0. * @return string Converted number in string format. */ function number_format_i18n( $number, $decimals = 0 ) { global $wp_locale; - $formatted = number_format( $number, absint( $decimals ), $wp_locale->number_format['decimal_point'], $wp_locale->number_format['thousands_sep'] ); + + if ( isset( $wp_locale ) ) { + $formatted = number_format( $number, absint( $decimals ), $wp_locale->number_format['decimal_point'], $wp_locale->number_format['thousands_sep'] ); + } else { + $formatted = number_format( $number, absint( $decimals ) ); + } /** - * Filter the number formatted based on the locale. + * Filters the number formatted based on the locale. * - * @since 2.8.0 + * @since 2.8.0 + * @since 4.9.0 The `$number` and `$decimals` arguments were added. * * @param string $formatted Converted number in string format. + * @param float $number The number to convert based on locale. + * @param int $decimals Precision of the number of decimal places. */ - return apply_filters( 'number_format_i18n', $formatted ); + return apply_filters( 'number_format_i18n', $formatted, $number, $decimals ); } /** * Convert number of bytes largest unit bytes will fit into. * - * It is easier to read 1 kB than 1024 bytes and 1 MB than 1048576 bytes. Converts + * It is easier to read 1 KB than 1024 bytes and 1 MB than 1048576 bytes. Converts * number of bytes to human readable number by taking the number of that unit * that the bytes will go into it. Supports TB value. * @@ -201,14 +258,17 @@ */ function size_format( $bytes, $decimals = 0 ) { $quant = array( - // ========================= Origin ==== - 'TB' => 1099511627776, // pow( 1024, 4) - 'GB' => 1073741824, // pow( 1024, 3) - 'MB' => 1048576, // pow( 1024, 2) - 'kB' => 1024, // pow( 1024, 1) - 'B' => 1, // pow( 1024, 0) + 'TB' => TB_IN_BYTES, + 'GB' => GB_IN_BYTES, + 'MB' => MB_IN_BYTES, + 'KB' => KB_IN_BYTES, + 'B' => 1, ); + if ( 0 === $bytes ) { + return number_format_i18n( 0, $decimals ) . ' B'; + } + foreach ( $quant as $unit => $mag ) { if ( doubleval( $bytes ) >= $mag ) { return number_format_i18n( $bytes / $mag, $decimals ) . ' ' . $unit; @@ -252,8 +312,8 @@ // The most recent week start day on or before $day. $start = $day - DAY_IN_SECONDS * ( $weekday - $start_of_week ); - // $start + 7 days - 1 second. - $end = $start + 7 * DAY_IN_SECONDS - 1; + // $start + 1 week - 1 second. + $end = $start + WEEK_IN_SECONDS - 1; return compact( 'start', 'end' ); } @@ -381,6 +441,7 @@ // Double serialization is required for backward compatibility. // See https://core.trac.wordpress.org/ticket/12930 + // Also the world will end. See WP 3.6.1. if ( is_serialized( $data, false ) ) return serialize( $data ); @@ -490,10 +551,10 @@ * * @since 1.5.0 * - * @see $wpdb + * @global wpdb $wpdb WordPress database abstraction object. * * @param string $content Post Content. - * @param int $post_ID Post ID. + * @param int $post_ID Post ID. */ function do_enclose( $content, $post_ID ) { global $wpdb; @@ -527,6 +588,19 @@ } } + /** + * Filters the list of enclosure links before querying the database. + * + * Allows for the addition and/or removal of potential enclosures to save + * to postmeta before checking the database for existing enclosures. + * + * @since 4.4.0 + * + * @param array $post_links An array of enclosure links. + * @param int $post_ID Post ID. + */ + $post_links = apply_filters( 'enclosure_links', $post_links, $post_ID ); + foreach ( (array) $post_links as $url ) { if ( $url != '' && !$wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE %s", $post_ID, $wpdb->esc_like( $url ) . '%' ) ) ) { @@ -559,62 +633,6 @@ } /** - * Perform a HTTP HEAD or GET request. - * - * If $file_path is a writable filename, this will do a GET request and write - * the file to that path. - * - * @since 2.5.0 - * - * @param string $url URL to fetch. - * @param string|bool $file_path Optional. File path to write request to. Default false. - * @param int $red Optional. The number of Redirects followed, Upon 5 being hit, - * returns false. Default 1. - * @return bool|string False on failure and string of headers if HEAD request. - */ -function wp_get_http( $url, $file_path = false, $red = 1 ) { - @set_time_limit( 60 ); - - if ( $red > 5 ) - return false; - - $options = array(); - $options['redirection'] = 5; - - if ( false == $file_path ) - $options['method'] = 'HEAD'; - else - $options['method'] = 'GET'; - - $response = wp_safe_remote_request( $url, $options ); - - if ( is_wp_error( $response ) ) - return false; - - $headers = wp_remote_retrieve_headers( $response ); - $headers['response'] = wp_remote_retrieve_response_code( $response ); - - // WP_HTTP no longer follows redirects for HEAD requests. - if ( 'HEAD' == $options['method'] && in_array($headers['response'], array(301, 302)) && isset( $headers['location'] ) ) { - return wp_get_http( $headers['location'], $file_path, ++$red ); - } - - if ( false == $file_path ) - return $headers; - - // GET request - write it to the supplied filename - $out_fp = fopen($file_path, 'w'); - if ( !$out_fp ) - return $headers; - - fwrite( $out_fp, wp_remote_retrieve_body( $response ) ); - fclose($out_fp); - clearstatcache(); - - return $headers; -} - -/** * Retrieve HTTP Headers from URL. * * @since 1.5.1 @@ -625,7 +643,7 @@ */ function wp_get_http_headers( $url, $deprecated = false ) { if ( !empty( $deprecated ) ) - _deprecated_argument( __FUNCTION__, '2.7' ); + _deprecated_argument( __FUNCTION__, '2.7.0' ); $response = wp_safe_remote_head( $url ); @@ -663,8 +681,8 @@ * @since 2.3.0 * * @see _http_build_query() Used to build the query - * @see http://us2.php.net/manual/en/function.http-build-query.php for more on what - * http_build_query() does. + * @link https://secure.php.net/manual/en/function.http-build-query.php for more on what + * http_build_query() does. * * @param array $data URL-encode key/value pairs. * @return string URL-encoded string. @@ -679,7 +697,7 @@ * @since 3.2.0 * @access private * - * @see http://us1.php.net/manual/en/function.http-build-query.php + * @see https://secure.php.net/manual/en/function.http-build-query.php * * @param array|object $data An array or object of data. Converted to array. * @param string $prefix Optional. Numeric index. If set, start parameter numbering with it. @@ -721,22 +739,39 @@ } /** - * Retrieve a modified URL query string. - * - * You can rebuild the URL and append a new query variable to the URL query by - * using this function. You can also retrieve the full URL with query data. - * - * Adding a single key & value or an associative array. Setting a key value to - * an empty string removes the key. Omitting oldquery_or_uri uses the $_SERVER - * value. Additional values provided are expected to be encoded appropriately - * with urlencode() or rawurlencode(). + * Retrieves a modified URL query string. + * + * You can rebuild the URL and append query variables to the URL query by using this function. + * There are two ways to use this function; either a single key and value, or an associative array. + * + * Using a single key and value: + * + * add_query_arg( 'key', 'value', 'http://example.com' ); + * + * Using an associative array: + * + * add_query_arg( array( + * 'key1' => 'value1', + * 'key2' => 'value2', + * ), 'http://example.com' ); + * + * Omitting the URL from either use results in the current URL being used + * (the value of `$_SERVER['REQUEST_URI']`). + * + * Values are expected to be encoded appropriately with urlencode() or rawurlencode(). + * + * Setting any query variable's value to boolean false removes the key (see remove_query_arg()). + * + * Important: The return value of add_query_arg() is not escaped by default. Output should be + * late-escaped with esc_url() or similar to help prevent vulnerability to cross-site scripting + * (XSS) attacks. * * @since 1.5.0 * - * @param string|array $param1 Either newkey or an associative_array. - * @param string $param2 Either newvalue or oldquery or URI. - * @param string $param3 Optional. Old query or URI. - * @return string New URL query string. + * @param string|array $key Either a query variable key, or an associative array of query variables. + * @param string $value Optional. Either a query variable value, or a URL to act upon. + * @param string $url Optional. A URL to act upon. + * @return string New URL query string (unescaped). */ function add_query_arg() { $args = func_get_args(); @@ -802,12 +837,12 @@ } /** - * Removes an item or list from the query string. + * Removes an item or items from a query string. * * @since 1.5.0 * * @param string|array $key Query key or keys to remove. - * @param bool|string $query Optional. When false uses the $_SERVER value. Default false. + * @param bool|string $query Optional. When false uses the current URL. Default false. * @return string New URL query string. */ function remove_query_arg( $key, $query = false ) { @@ -820,6 +855,50 @@ } /** + * Returns an array of single-use query variable names that can be removed from a URL. + * + * @since 4.4.0 + * + * @return array An array of parameters to remove from the URL. + */ +function wp_removable_query_args() { + $removable_query_args = array( + 'activate', + 'activated', + 'approved', + 'deactivate', + 'deleted', + 'disabled', + 'enabled', + 'error', + 'hotkeys_highlight_first', + 'hotkeys_highlight_last', + 'locked', + 'message', + 'same', + 'saved', + 'settings-updated', + 'skipped', + 'spammed', + 'trashed', + 'unspammed', + 'untrashed', + 'update', + 'updated', + 'wp-post-new-reload', + ); + + /** + * Filters the list of query variables to remove. + * + * @since 4.2.0 + * + * @param array $removable_query_args An array of query variables to remove from a URL. + */ + return apply_filters( 'removable_query_args', $removable_query_args ); +} + +/** * Walks the array while sanitizing the contents. * * @since 0.71 @@ -870,6 +949,10 @@ * * @since 2.0.0 * + * @global WP $wp_locale + * @global WP_Query $wp_query + * @global WP_Query $wp_the_query + * * @param string|array $query_vars Default WP_Query arguments. */ function wp( $query_vars = '' ) { @@ -885,6 +968,8 @@ * * @since 2.3.0 * + * @global array $wp_header_to_desc + * * @param int $code HTTP status code. * @return string Empty string if not found, or description if found. */ @@ -917,6 +1002,7 @@ 305 => 'Use Proxy', 306 => 'Reserved', 307 => 'Temporary Redirect', + 308 => 'Permanent Redirect', 400 => 'Bad Request', 401 => 'Unauthorized', @@ -937,6 +1023,7 @@ 416 => 'Requested Range Not Satisfiable', 417 => 'Expectation Failed', 418 => 'I\'m a teapot', + 421 => 'Misdirected Request', 422 => 'Unprocessable Entity', 423 => 'Locked', 424 => 'Failed Dependency', @@ -944,6 +1031,7 @@ 428 => 'Precondition Required', 429 => 'Too Many Requests', 431 => 'Request Header Fields Too Large', + 451 => 'Unavailable For Legal Reasons', 500 => 'Internal Server Error', 501 => 'Not Implemented', @@ -968,25 +1056,28 @@ * Set HTTP status header. * * @since 2.0.0 + * @since 4.4.0 Added the `$description` parameter. * * @see get_status_header_desc() * - * @param int $code HTTP status code. - */ -function status_header( $code ) { - $description = get_status_header_desc( $code ); - - if ( empty( $description ) ) + * @param int $code HTTP status code. + * @param string $description Optional. A custom description for the HTTP status. + */ +function status_header( $code, $description = '' ) { + if ( ! $description ) { + $description = get_status_header_desc( $code ); + } + + if ( empty( $description ) ) { return; - - $protocol = $_SERVER['SERVER_PROTOCOL']; - if ( 'HTTP/1.1' != $protocol && 'HTTP/1.0' != $protocol ) - $protocol = 'HTTP/1.0'; + } + + $protocol = wp_get_server_protocol(); $status_header = "$protocol $code $description"; if ( function_exists( 'apply_filters' ) ) /** - * Filter an HTTP status header. + * Filters an HTTP status header. * * @since 2.2.0 * @@ -1014,12 +1105,11 @@ $headers = array( 'Expires' => 'Wed, 11 Jan 1984 05:00:00 GMT', 'Cache-Control' => 'no-cache, must-revalidate, max-age=0', - 'Pragma' => 'no-cache', ); if ( function_exists('apply_filters') ) { /** - * Filter the cache-controlling headers. + * Filters the cache-controlling headers. * * @since 2.8.0 * @@ -1030,7 +1120,6 @@ * * @type string $Expires Expires header. * @type string $Cache-Control Cache-Control header. - * @type string $Pragma Pragma header. * } */ $headers = (array) apply_filters( 'nocache_headers', $headers ); @@ -1069,7 +1158,7 @@ } } - foreach( $headers as $name => $field_value ) + foreach ( $headers as $name => $field_value ) @header("{$name}: {$field_value}"); } @@ -1124,7 +1213,7 @@ * * @since 2.1.0 * - * @uses $wp_query Used to tell if the use a comment feed. + * @global WP_Query $wp_query Used to tell if the use a comment feed. */ function do_feed() { global $wp_query; @@ -1137,20 +1226,23 @@ if ( $feed == '' || $feed == 'feed' ) $feed = get_default_feed(); - $hook = 'do_feed_' . $feed; - if ( ! has_action( $hook ) ) + if ( ! has_action( "do_feed_{$feed}" ) ) { wp_die( __( 'ERROR: This is not a valid feed template.' ), '', array( 'response' => 404 ) ); + } /** * Fires once the given feed is loaded. * - * The dynamic hook name, $hook, refers to the feed name. + * The dynamic portion of the hook name, `$feed`, refers to the feed template name. + * Possible values include: 'rdf', 'rss', 'rss2', and 'atom'. * * @since 2.1.0 + * @since 4.4.0 The `$feed` parameter was added. * - * @param bool $is_comment_feed Whether the feed is a comment feed. + * @param bool $is_comment_feed Whether the feed is a comment feed. + * @param string $feed The feed name. */ - do_action( $hook, $wp_query->is_comment_feed ); + do_action( "do_feed_{$feed}", $wp_query->is_comment_feed, $feed ); } /** @@ -1233,10 +1325,11 @@ $site_url = parse_url( site_url() ); $path = ( !empty( $site_url['path'] ) ) ? $site_url['path'] : ''; $output .= "Disallow: $path/wp-admin/\n"; + $output .= "Allow: $path/wp-admin/admin-ajax.php\n"; } /** - * Filter the robots.txt output. + * Filters the robots.txt output. * * @since 3.0.0 * @@ -1247,7 +1340,7 @@ } /** - * Test whether blog is already installed. + * Test whether WordPress is already installed. * * The cache will be checked first. If you have a cache plugin, which saves * the cache values, then this will work. If you use the default WordPress @@ -1259,7 +1352,7 @@ * * @global wpdb $wpdb WordPress database abstraction object. * - * @return bool Whether the blog is already installed. + * @return bool Whether the site is already installed. */ function is_blog_installed() { global $wpdb; @@ -1272,7 +1365,7 @@ return true; $suppress = $wpdb->suppress_errors(); - if ( ! defined( 'WP_INSTALLING' ) ) { + if ( ! wp_installing() ) { $alloptions = wp_load_alloptions(); } // If siteurl is not set to autoload, check it specifically @@ -1295,13 +1388,13 @@ $suppress = $wpdb->suppress_errors(); /* - * Loop over the WP tables. If none exist, then scratch install is allowed. + * Loop over the WP tables. If none exist, then scratch installation is allowed. * If one or more exist, suggest table repair since we got here because the * options table could not be accessed. */ $wp_tables = $wpdb->tables(); foreach ( $wp_tables as $table ) { - // The existence of custom user tables shouldn't suggest an insane state or prevent a clean install. + // The existence of custom user tables shouldn't suggest an insane state or prevent a clean installation. if ( defined( 'CUSTOM_USER_TABLE' ) && CUSTOM_USER_TABLE == $table ) continue; if ( defined( 'CUSTOM_USER_META_TABLE' ) && CUSTOM_USER_META_TABLE == $table ) @@ -1315,7 +1408,12 @@ wp_load_translations_early(); // Die with a DB error. - $wpdb->error = sprintf( __( 'One or more database tables are unavailable. The database may need to be repaired.' ), 'maint/repair.php?referrer=is_blog_installed' ); + $wpdb->error = sprintf( + /* translators: %s: database repair URL */ + __( 'One or more database tables are unavailable. The database may need to be repaired.' ), + 'maint/repair.php?referrer=is_blog_installed' + ); + dead_db(); } @@ -1433,16 +1531,35 @@ * @return false|string False on failure. Referer URL on success. */ function wp_get_referer() { - if ( ! function_exists( 'wp_validate_redirect' ) ) + if ( ! function_exists( 'wp_validate_redirect' ) ) { return false; - $ref = false; - if ( ! empty( $_REQUEST['_wp_http_referer'] ) ) - $ref = wp_unslash( $_REQUEST['_wp_http_referer'] ); - elseif ( ! empty( $_SERVER['HTTP_REFERER'] ) ) - $ref = wp_unslash( $_SERVER['HTTP_REFERER'] ); - - if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) ) + } + + $ref = wp_get_raw_referer(); + + if ( $ref && $ref !== wp_unslash( $_SERVER['REQUEST_URI'] ) && $ref !== home_url() . wp_unslash( $_SERVER['REQUEST_URI'] ) ) { return wp_validate_redirect( $ref, false ); + } + + return false; +} + +/** + * Retrieves unvalidated referer from '_wp_http_referer' or HTTP referer. + * + * Do not use for redirects, use wp_get_referer() instead. + * + * @since 4.5.0 + * + * @return string|false Referer URL on success, false on failure. + */ +function wp_get_raw_referer() { + if ( ! empty( $_REQUEST['_wp_http_referer'] ) ) { + return wp_unslash( $_REQUEST['_wp_http_referer'] ); + } else if ( ! empty( $_SERVER['HTTP_REFERER'] ) ) { + return wp_unslash( $_SERVER['HTTP_REFERER'] ); + } + return false; } @@ -1473,7 +1590,7 @@ $wrapper = null; // Strip the protocol. - if( wp_is_stream( $target ) ) { + if ( wp_is_stream( $target ) ) { list( $wrapper, $target ) = explode( '://', $target, 2 ); } @@ -1481,7 +1598,7 @@ $target = str_replace( '//', '/', $target ); // Put the wrapper back on the target. - if( $wrapper !== null ) { + if ( $wrapper !== null ) { $target = $wrapper . '://' . $target; } @@ -1498,7 +1615,7 @@ // We need to find the permissions of the parent folder that exists and inherit that. $target_parent = dirname( $target ); - while ( '.' != $target_parent && ! is_dir( $target_parent ) ) { + while ( '.' != $target_parent && ! is_dir( $target_parent ) && dirname( $target_parent ) !== $target_parent ) { $target_parent = dirname( $target_parent ); } @@ -1529,7 +1646,7 @@ } /** - * Test if a give filesystem path is absolute. + * Test if a given filesystem path is absolute. * * For example, '/foo/bar', or 'c:\windows'. * @@ -1579,18 +1696,38 @@ /** * Normalize a filesystem path. * - * Replaces backslashes with forward slashes for Windows systems, and ensures - * no duplicate slashes exist. + * On windows systems, replaces backslashes with forward slashes + * and forces upper-case drive letters. + * Allows for two leading slashes for Windows network shares, but + * ensures that all other duplicate slashes are reduced to a single. * * @since 3.9.0 + * @since 4.4.0 Ensures upper-case drive letters on Windows systems. + * @since 4.5.0 Allows for Windows network shares. + * @since 4.9.7 Allows for PHP file wrappers. * * @param string $path Path to normalize. * @return string Normalized path. */ function wp_normalize_path( $path ) { + $wrapper = ''; + if ( wp_is_stream( $path ) ) { + list( $wrapper, $path ) = explode( '://', $path, 2 ); + $wrapper .= '://'; + } + + // Standardise all paths to use / $path = str_replace( '\\', '/', $path ); - $path = preg_replace( '|/+|','/', $path ); - return $path; + + // Replace multiple slashes down to a singular, allowing for network shares having two slashes. + $path = preg_replace( '|(?<=.)/+|', '/', $path ); + + // Windows paths should uppercase the drive letter + if ( ':' === substr( $path, 1, 1 ) ) { + $path = ucfirst( $path ); + } + + return $wrapper . $path; } /** @@ -1605,10 +1742,12 @@ * * @since 2.5.0 * + * @staticvar string $temp + * * @return string Writable temporary directory. */ function get_temp_dir() { - static $temp; + static $temp = ''; if ( defined('WP_TEMP_DIR') ) return trailingslashit(WP_TEMP_DIR); @@ -1629,8 +1768,7 @@ if ( is_dir( $temp ) && wp_is_writable( $temp ) ) return $temp; - $temp = '/tmp/'; - return $temp; + return '/tmp/'; } /** @@ -1663,8 +1801,8 @@ * * @since 2.8.0 * - * @see http://bugs.php.net/bug.php?id=27609 - * @see http://bugs.php.net/bug.php?id=30931 + * @see https://bugs.php.net/bug.php?id=27609 + * @see https://bugs.php.net/bug.php?id=30931 * * @param string $path Windows path to check for write-ability. * @return bool Whether the path is writable. @@ -1688,6 +1826,23 @@ } /** + * Retrieves uploads directory information. + * + * Same as wp_upload_dir() but "light weight" as it doesn't attempt to create the uploads directory. + * Intended for use in themes, when only 'basedir' and 'baseurl' are needed, generally in all cases + * when not uploading files. + * + * @since 4.5.0 + * + * @see wp_upload_dir() + * + * @return array See wp_upload_dir() for description. + */ +function wp_get_upload_dir() { + return wp_upload_dir( null, false ); +} + +/** * Get an array containing the current upload directory's path and url. * * Checks the 'upload_path' option, which should be from the web root folder, @@ -1712,14 +1867,76 @@ * 'subdir' - sub directory if uploads use year/month folders option is on. * 'basedir' - path without subdir. * 'baseurl' - URL path without subdir. - * 'error' - set to false. + * 'error' - false or error message. * * @since 2.0.0 + * @uses _wp_upload_dir() + * + * @staticvar array $cache + * @staticvar array $tested_paths * * @param string $time Optional. Time formatted in 'yyyy/mm'. Default null. + * @param bool $create_dir Optional. Whether to check and create the uploads directory. + * Default true for backward compatibility. + * @param bool $refresh_cache Optional. Whether to refresh the cache. Default false. * @return array See above for description. */ -function wp_upload_dir( $time = null ) { +function wp_upload_dir( $time = null, $create_dir = true, $refresh_cache = false ) { + static $cache = array(), $tested_paths = array(); + + $key = sprintf( '%d-%s', get_current_blog_id(), (string) $time ); + + if ( $refresh_cache || empty( $cache[ $key ] ) ) { + $cache[ $key ] = _wp_upload_dir( $time ); + } + + /** + * Filters the uploads directory data. + * + * @since 2.0.0 + * + * @param array $uploads Array of upload directory data with keys of 'path', + * 'url', 'subdir, 'basedir', and 'error'. + */ + $uploads = apply_filters( 'upload_dir', $cache[ $key ] ); + + if ( $create_dir ) { + $path = $uploads['path']; + + if ( array_key_exists( $path, $tested_paths ) ) { + $uploads['error'] = $tested_paths[ $path ]; + } else { + if ( ! wp_mkdir_p( $path ) ) { + if ( 0 === strpos( $uploads['basedir'], ABSPATH ) ) { + $error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir']; + } else { + $error_path = basename( $uploads['basedir'] ) . $uploads['subdir']; + } + + $uploads['error'] = sprintf( + /* translators: %s: directory path */ + __( 'Unable to create directory %s. Is its parent directory writable by the server?' ), + esc_html( $error_path ) + ); + } + + $tested_paths[ $path ] = $uploads['error']; + } + } + + return $uploads; +} + +/** + * A non-filtered, non-cached version of wp_upload_dir() that doesn't check the path. + * + * @since 4.5.0 + * @access private + * + * @param string $time Optional. Time formatted in 'yyyy/mm'. Default null. + * @return array See wp_upload_dir() + */ +function _wp_upload_dir( $time = null ) { $siteurl = get_option( 'siteurl' ); $upload_path = trim( get_option( 'upload_path' ) ); @@ -1808,36 +2025,14 @@ $dir .= $subdir; $url .= $subdir; - /** - * Filter the uploads directory data. - * - * @since 2.0.0 - * - * @param array $uploads Array of upload directory data with keys of 'path', - * 'url', 'subdir, 'basedir', and 'error'. - */ - $uploads = apply_filters( 'upload_dir', - array( - 'path' => $dir, - 'url' => $url, - 'subdir' => $subdir, - 'basedir' => $basedir, - 'baseurl' => $baseurl, - 'error' => false, - ) ); - - // Make sure we have an uploads directory. - if ( ! wp_mkdir_p( $uploads['path'] ) ) { - if ( 0 === strpos( $uploads['basedir'], ABSPATH ) ) - $error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir']; - else - $error_path = basename( $uploads['basedir'] ) . $uploads['subdir']; - - $message = sprintf( __( 'Unable to create directory %s. Is its parent directory writable by the server?' ), $error_path ); - $uploads['error'] = $message; - } - - return $uploads; + return array( + 'path' => $dir, + 'url' => $url, + 'subdir' => $subdir, + 'basedir' => $basedir, + 'baseurl' => $baseurl, + 'error' => false, + ); } /** @@ -1854,7 +2049,7 @@ * * @param string $dir Directory. * @param string $filename File name. - * @param callback $unique_filename_callback Callback. Default null. + * @param callable $unique_filename_callback Callback. Default null. * @return string New filename, if given wasn't unique. */ function wp_unique_filename( $dir, $filename, $unique_filename_callback = null ) { @@ -1862,13 +2057,16 @@ $filename = sanitize_file_name($filename); // Separate the filename into a name and extension. - $info = pathinfo($filename); - $ext = !empty($info['extension']) ? '.' . $info['extension'] : ''; - $name = basename($filename, $ext); + $ext = pathinfo( $filename, PATHINFO_EXTENSION ); + $name = pathinfo( $filename, PATHINFO_BASENAME ); + if ( $ext ) { + $ext = '.' . $ext; + } // Edge case: if file is named '.ext', treat as an empty name. - if ( $name === $ext ) + if ( $name === $ext ) { $name = ''; + } /* * Increment the file number until we have a unique file to save in $dir. @@ -1886,23 +2084,38 @@ // Check for both lower and upper case extension or image sub-sizes may be overwritten. while ( file_exists($dir . "/$filename") || file_exists($dir . "/$filename2") ) { - $new_number = $number + 1; - $filename = str_replace( "$number$ext", "$new_number$ext", $filename ); - $filename2 = str_replace( "$number$ext2", "$new_number$ext2", $filename2 ); + $new_number = (int) $number + 1; + $filename = str_replace( array( "-$number$ext", "$number$ext" ), "-$new_number$ext", $filename ); + $filename2 = str_replace( array( "-$number$ext2", "$number$ext2" ), "-$new_number$ext2", $filename2 ); $number = $new_number; } - return $filename2; + + /** + * Filters the result when generating a unique file name. + * + * @since 4.5.0 + * + * @param string $filename Unique file name. + * @param string $ext File extension, eg. ".png". + * @param string $dir Directory path. + * @param callable|null $unique_filename_callback Callback function that generates the unique file name. + */ + return apply_filters( 'wp_unique_filename', $filename2, $ext, $dir, $unique_filename_callback ); } while ( file_exists( $dir . "/$filename" ) ) { - if ( '' == "$number$ext" ) - $filename = $filename . ++$number . $ext; - else - $filename = str_replace( "$number$ext", ++$number . $ext, $filename ); + $new_number = (int) $number + 1; + if ( '' == "$number$ext" ) { + $filename = "$filename-" . $new_number; + } else { + $filename = str_replace( array( "-$number$ext", "$number$ext" ), "-" . $new_number . $ext, $filename ); + } + $number = $new_number; } } - return $filename; + /** This filter is documented in wp-includes/functions.php */ + return apply_filters( 'wp_unique_filename', $filename, $ext, $dir, $unique_filename_callback ); } /** @@ -1930,14 +2143,14 @@ */ function wp_upload_bits( $name, $deprecated, $bits, $time = null ) { if ( !empty( $deprecated ) ) - _deprecated_argument( __FUNCTION__, '2.0' ); + _deprecated_argument( __FUNCTION__, '2.0.0' ); if ( empty( $name ) ) return array( 'error' => __( 'Empty filename' ) ); $wp_filetype = wp_check_filetype( $name ); if ( ! $wp_filetype['ext'] && ! current_user_can( 'unfiltered_upload' ) ) - return array( 'error' => __( 'Invalid file type' ) ); + return array( 'error' => __( 'Sorry, this file type is not permitted for security reasons.' ) ); $upload = wp_upload_dir( $time ); @@ -1945,7 +2158,7 @@ return $upload; /** - * Filter whether to treat the upload bits as an error. + * Filters whether to treat the upload bits as an error. * * Passing a non-array to the filter will effectively short-circuit preparing * the upload bits, returning that value instead. @@ -1969,7 +2182,11 @@ else $error_path = basename( $upload['basedir'] ) . $upload['subdir']; - $message = sprintf( __( 'Unable to create directory %s. Is its parent directory writable by the server?' ), $error_path ); + $message = sprintf( + /* translators: %s: directory path */ + __( 'Unable to create directory %s. Is its parent directory writable by the server?' ), + $error_path + ); return array( 'error' => $message ); } @@ -1991,7 +2208,8 @@ // Compute the URL $url = $upload['url'] . "/$filename"; - return array( 'file' => $new_file, 'url' => $url, 'error' => false ); + /** This filter is documented in wp-admin/includes/file.php */ + return apply_filters( 'wp_handle_upload', array( 'file' => $new_file, 'url' => $url, 'type' => $wp_filetype['type'], 'error' => false ), 'sideload' ); } /** @@ -2000,39 +2218,15 @@ * @since 2.5.0 * * @param string $ext The extension to search. - * @return string|null The file type, example: audio, video, document, spreadsheet, etc. - * Null if not found. + * @return string|void The file type, example: audio, video, document, spreadsheet, etc. */ function wp_ext2type( $ext ) { $ext = strtolower( $ext ); - /** - * Filter file type based on the extension name. - * - * @since 2.5.0 - * - * @see wp_ext2type() - * - * @param array $ext2type Multi-dimensional array with extensions for a default set - * of file types. - */ - $ext2type = apply_filters( 'ext2type', array( - 'image' => array( 'jpg', 'jpeg', 'jpe', 'gif', 'png', 'bmp', 'tif', 'tiff', 'ico' ), - 'audio' => array( 'aac', 'ac3', 'aif', 'aiff', 'm3a', 'm4a', 'm4b', 'mka', 'mp1', 'mp2', 'mp3', 'ogg', 'oga', 'ram', 'wav', 'wma' ), - 'video' => array( '3g2', '3gp', '3gpp', 'asf', 'avi', 'divx', 'dv', 'flv', 'm4v', 'mkv', 'mov', 'mp4', 'mpeg', 'mpg', 'mpv', 'ogm', 'ogv', 'qt', 'rm', 'vob', 'wmv' ), - 'document' => array( 'doc', 'docx', 'docm', 'dotm', 'odt', 'pages', 'pdf', 'xps', 'oxps', 'rtf', 'wp', 'wpd', 'psd', 'xcf' ), - 'spreadsheet' => array( 'numbers', 'ods', 'xls', 'xlsx', 'xlsm', 'xlsb' ), - 'interactive' => array( 'swf', 'key', 'ppt', 'pptx', 'pptm', 'pps', 'ppsx', 'ppsm', 'sldx', 'sldm', 'odp' ), - 'text' => array( 'asc', 'csv', 'tsv', 'txt' ), - 'archive' => array( 'bz2', 'cab', 'dmg', 'gz', 'rar', 'sea', 'sit', 'sqx', 'tar', 'tgz', 'zip', '7z' ), - 'code' => array( 'css', 'htm', 'html', 'php', 'js' ), - ) ); - + $ext2type = wp_get_ext_types(); foreach ( $ext2type as $type => $exts ) if ( in_array( $ext, $exts ) ) return $type; - - return null; } /** @@ -2072,7 +2266,7 @@ * If it's determined that the extension does not match the file's real type, * then the "proper_filename" value will be set with a proper filename and extension. * - * Currently this function only supports validating images known to getimagesize(). + * Currently this function only supports renaming images validated via wp_get_image_mime(). * * @since 3.0.0 * @@ -2084,7 +2278,6 @@ * if original $filename is valid. */ function wp_check_filetype_and_ext( $file, $filename, $mimes = null ) { - $proper_filename = false; // Do basic extension validation and MIME mapping @@ -2097,16 +2290,17 @@ return compact( 'ext', 'type', 'proper_filename' ); } - // We're able to validate images using GD - if ( $type && 0 === strpos( $type, 'image/' ) && function_exists('getimagesize') ) { + $real_mime = false; + + // Validate image types. + if ( $type && 0 === strpos( $type, 'image/' ) ) { // Attempt to figure out what type of image it actually is - $imgstats = @getimagesize( $file ); - - // If getimagesize() knows what kind of image it really is and if the real MIME doesn't match the claimed MIME - if ( !empty($imgstats['mime']) && $imgstats['mime'] != $type ) { + $real_mime = wp_get_image_mime( $file ); + + if ( $real_mime && $real_mime != $type ) { /** - * Filter the list mapping image mime types to their respective extensions. + * Filters the list mapping image mime types to their respective extensions. * * @since 3.0.0 * @@ -2121,10 +2315,10 @@ ) ); // Replace whatever is after the last period in the filename with the correct extension - if ( ! empty( $mime_to_ext[ $imgstats['mime'] ] ) ) { + if ( ! empty( $mime_to_ext[ $real_mime ] ) ) { $filename_parts = explode( '.', $filename ); array_pop( $filename_parts ); - $filename_parts[] = $mime_to_ext[ $imgstats['mime'] ]; + $filename_parts[] = $mime_to_ext[ $real_mime ]; $new_filename = implode( '.', $filename_parts ); if ( $new_filename != $filename ) { @@ -2134,12 +2328,35 @@ $wp_filetype = wp_check_filetype( $new_filename, $mimes ); $ext = $wp_filetype['ext']; $type = $wp_filetype['type']; + } else { + // Reset $real_mime and try validating again. + $real_mime = false; + } + } + } + + // Validate files that didn't get validated during previous checks. + if ( $type && ! $real_mime && extension_loaded( 'fileinfo' ) ) { + $finfo = finfo_open( FILEINFO_MIME_TYPE ); + $real_mime = finfo_file( $finfo, $file ); + finfo_close( $finfo ); + + /* + * If $real_mime doesn't match what we're expecting, we need to do some extra + * vetting of application mime types to make sure this type of file is allowed. + * Other mime types are assumed to be safe, but should be considered unverified. + */ + if ( $real_mime && ( $real_mime !== $type ) && ( 0 === strpos( $real_mime, 'application' ) ) ) { + $allowed = get_allowed_mime_types(); + + if ( ! in_array( $real_mime, $allowed ) ) { + $type = $ext = false; } } } /** - * Filter the "real" file type of the given file. + * Filters the "real" file type of the given file. * * @since 3.0.0 * @@ -2154,6 +2371,39 @@ } /** + * Returns the real mime type of an image file. + * + * This depends on exif_imagetype() or getimagesize() to determine real mime types. + * + * @since 4.7.1 + * + * @param string $file Full path to the file. + * @return string|false The actual mime type or false if the type cannot be determined. + */ +function wp_get_image_mime( $file ) { + /* + * Use exif_imagetype() to check the mimetype if available or fall back to + * getimagesize() if exif isn't avaialbe. If either function throws an Exception + * we assume the file could not be validated. + */ + try { + if ( is_callable( 'exif_imagetype' ) ) { + $imagetype = exif_imagetype( $file ); + $mime = ( $imagetype ) ? image_type_to_mime_type( $imagetype ) : false; + } elseif ( function_exists( 'getimagesize' ) ) { + $imagesize = getimagesize( $file ); + $mime = ( isset( $imagesize['mime'] ) ) ? $imagesize['mime'] : false; + } else { + $mime = false; + } + } catch ( Exception $e ) { + $mime = false; + } + + return $mime; +} + +/** * Retrieve list of mime types and file extensions. * * @since 3.5.0 @@ -2163,10 +2413,10 @@ */ function wp_get_mime_types() { /** - * Filter the list of mime types and file extensions. + * Filters the list of mime types and file extensions. * * This filter should be used to add, not remove, mime types. To remove - * mime types, use the 'upload_mimes' filter. + * mime types, use the {@see 'upload_mimes'} filter. * * @since 3.5.0 * @@ -2209,9 +2459,11 @@ 'dfxp' => 'application/ttaf+xml', // Audio formats. 'mp3|m4a|m4b' => 'audio/mpeg', + 'aac' => 'audio/aac', 'ra|ram' => 'audio/x-realaudio', 'wav' => 'audio/wav', 'ogg|oga' => 'audio/ogg', + 'flac' => 'audio/flac', 'mid|midi' => 'audio/midi', 'wma' => 'audio/x-ms-wma', 'wax' => 'audio/x-ms-wax', @@ -2275,6 +2527,39 @@ 'pages' => 'application/vnd.apple.pages', ) ); } + +/** + * Retrieves the list of common file extensions and their types. + * + * @since 4.6.0 + * + * @return array Array of file extensions types keyed by the type of file. + */ +function wp_get_ext_types() { + + /** + * Filters file type based on the extension name. + * + * @since 2.5.0 + * + * @see wp_ext2type() + * + * @param array $ext2type Multi-dimensional array with extensions for a default set + * of file types. + */ + return apply_filters( 'ext2type', array( + 'image' => array( 'jpg', 'jpeg', 'jpe', 'gif', 'png', 'bmp', 'tif', 'tiff', 'ico' ), + 'audio' => array( 'aac', 'ac3', 'aif', 'aiff', 'flac', 'm3a', 'm4a', 'm4b', 'mka', 'mp1', 'mp2', 'mp3', 'ogg', 'oga', 'ram', 'wav', 'wma' ), + 'video' => array( '3g2', '3gp', '3gpp', 'asf', 'avi', 'divx', 'dv', 'flv', 'm4v', 'mkv', 'mov', 'mp4', 'mpeg', 'mpg', 'mpv', 'ogm', 'ogv', 'qt', 'rm', 'vob', 'wmv' ), + 'document' => array( 'doc', 'docx', 'docm', 'dotm', 'odt', 'pages', 'pdf', 'xps', 'oxps', 'rtf', 'wp', 'wpd', 'psd', 'xcf' ), + 'spreadsheet' => array( 'numbers', 'ods', 'xls', 'xlsx', 'xlsm', 'xlsb' ), + 'interactive' => array( 'swf', 'key', 'ppt', 'pptx', 'pptm', 'pps', 'ppsx', 'ppsm', 'sldx', 'sldm', 'odp' ), + 'text' => array( 'asc', 'csv', 'tsv', 'txt' ), + 'archive' => array( 'bz2', 'cab', 'dmg', 'gz', 'rar', 'sea', 'sit', 'sqx', 'tar', 'tgz', 'zip', '7z' ), + 'code' => array( 'css', 'htm', 'html', 'php', 'js' ), + ) ); +} + /** * Retrieve list of allowed mime types and file extensions. * @@ -2291,11 +2576,12 @@ if ( function_exists( 'current_user_can' ) ) $unfiltered = $user ? user_can( $user, 'unfiltered_html' ) : current_user_can( 'unfiltered_html' ); - if ( empty( $unfiltered ) ) - unset( $t['htm|html'] ); + if ( empty( $unfiltered ) ) { + unset( $t['htm|html'], $t['js'] ); + } /** - * Filter list of allowed mime types and file extensions. + * Filters list of allowed mime types and file extensions. * * @since 2.0.0 * @@ -2319,16 +2605,30 @@ */ function wp_nonce_ays( $action ) { if ( 'log-out' == $action ) { - $html = sprintf( __( 'You are attempting to log out of %s' ), get_bloginfo( 'name' ) ) . '

'; + $html = sprintf( + /* translators: %s: site name */ + __( 'You are attempting to log out of %s' ), + get_bloginfo( 'name' ) + ); + $html .= '

'; $redirect_to = isset( $_REQUEST['redirect_to'] ) ? $_REQUEST['redirect_to'] : ''; - $html .= sprintf( __( "Do you really want to log out?"), wp_logout_url( $redirect_to ) ); + $html .= sprintf( + /* translators: %s: logout URL */ + __( 'Do you really want to log out?' ), + wp_logout_url( $redirect_to ) + ); } else { - $html = __( 'Are you sure you want to do this?' ); - if ( wp_get_referer() ) - $html .= "

" . __( 'Please try again.' ) . ""; - } - - wp_die( $html, __( 'WordPress Failure Notice' ), 403 ); + $html = __( 'The link you followed has expired.' ); + if ( wp_get_referer() ) { + $html .= '

'; + $html .= sprintf( '%s', + esc_url( remove_query_arg( 'updated', wp_get_referer() ) ), + __( 'Please try again.' ) + ); + } + } + + wp_die( $html, __( 'Something went wrong.' ), 403 ); } /** @@ -2347,8 +2647,9 @@ * @since 4.1.0 The `$title` and `$args` parameters were changed to optionally accept * an integer to be used as the response code. * - * @param string|WP_Error $message Optional. Error message. If this is a {@see WP_Error} object, - * the error's messages are used. Default empty. + * @param string|WP_Error $message Optional. Error message. If this is a WP_Error object, + * and not an Ajax or XML-RPC request, the error's messages are used. + * Default empty. * @param string|int $title Optional. Error title. If `$message` is a `WP_Error` object, * error data with the key 'title' may be used to specify the title. * If `$title` is an integer, then it is treated as the response @@ -2357,11 +2658,11 @@ * Optional. Arguments to control behavior. If `$args` is an integer, then it is treated * as the response code. Default empty array. * - * @type int $response The HTTP response code. Default 500. + * @type int $response The HTTP response code. Default 200 for Ajax requests, 500 otherwise. * @type bool $back_link Whether to include a link to go back. Default false. * @type string $text_direction The text direction. This is only useful internally, when WordPress * is still loading and the site's locale is not set up yet. Accepts 'rtl'. - * Default is the value of {@see is_rtl()}. + * Default is the value of is_rtl(). * } */ function wp_die( $message = '', $title = '', $args = array() ) { @@ -2373,31 +2674,31 @@ $title = ''; } - if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) { + if ( wp_doing_ajax() ) { /** - * Filter callback for killing WordPress execution for AJAX requests. + * Filters the callback for killing WordPress execution for Ajax requests. * * @since 3.4.0 * - * @param callback $function Callback function name. + * @param callable $function Callback function name. */ $function = apply_filters( 'wp_die_ajax_handler', '_ajax_wp_die_handler' ); } elseif ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) { /** - * Filter callback for killing WordPress execution for XML-RPC requests. + * Filters the callback for killing WordPress execution for XML-RPC requests. * * @since 3.4.0 * - * @param callback $function Callback function name. + * @param callable $function Callback function name. */ $function = apply_filters( 'wp_die_xmlrpc_handler', '_xmlrpc_wp_die_handler' ); } else { /** - * Filter callback for killing WordPress execution for all non-AJAX, non-XML-RPC requests. + * Filters the callback for killing WordPress execution for all non-Ajax, non-XML-RPC requests. * * @since 3.0.0 * - * @param callback $function Callback function name. + * @param callable $function Callback function name. */ $function = apply_filters( 'wp_die_handler', '_default_wp_die_handler' ); } @@ -2406,17 +2707,17 @@ } /** - * Kill WordPress execution and display HTML message with error message. + * Kills WordPress execution and display HTML message with error message. * * This is the default handler for wp_die if you want a custom one for your - * site then you can overload using the wp_die_handler filter in wp_die + * site then you can overload using the {@see 'wp_die_handler'} filter in wp_die(). * * @since 3.0.0 * @access private * - * @param string $message Error message. - * @param string $title Optional. Error title. Default empty. - * @param string|array $args Optional. Arguments to control behavior. Default empty array. + * @param string|WP_Error $message Error message or WP_Error object. + * @param string $title Optional. Error title. Default empty. + * @param string|array $args Optional. Arguments to control behavior. Default empty array. */ function _default_wp_die_handler( $message, $title = '', $args = array() ) { $defaults = array( 'response' => 500 ); @@ -2468,11 +2769,15 @@ $text_direction = 'rtl'; ?> - > + + <?php echo $title ?> @@ -2592,6 +2913,8 @@ * @since 3.2.0 * @access private * + * @global wp_xmlrpc_server $wp_xmlrpc_server + * * @param string $message Error message. * @param string $title Optional. Error title. Default empty. * @param string|array $args Optional. Arguments to control behavior. Default empty array. @@ -2617,9 +2940,20 @@ * @since 3.4.0 * @access private * - * @param string $message Optional. Response to print. Default empty. - */ -function _ajax_wp_die_handler( $message = '' ) { + * @param string $message Error message. + * @param string $title Optional. Error title (unused). Default empty. + * @param string|array $args Optional. Arguments to control behavior. Default empty array. + */ +function _ajax_wp_die_handler( $message, $title = '', $args = array() ) { + $defaults = array( + 'response' => 200, + ); + $r = wp_parse_args( $args, $defaults ); + + if ( ! headers_sent() && null !== $r['response'] ) { + status_header( $r['response'] ); + } + if ( is_scalar( $message ) ) die( (string) $message ); die( '0' ); @@ -2650,7 +2984,7 @@ * @param int $options Optional. Options to be passed to json_encode(). Default 0. * @param int $depth Optional. Maximum depth to walk through $data. Must be * greater than 0. Default 512. - * @return bool|string The JSON encoded string, or false if it cannot be encoded. + * @return string|false The JSON encoded string, or false if it cannot be encoded. */ function wp_json_encode( $data, $options = 0, $depth = 512 ) { /* @@ -2666,7 +3000,10 @@ $args = array( $data ); } - $json = call_user_func_array( 'json_encode', $args ); + // Prepare the data for JSON serialization. + $args[0] = _wp_json_prepare_data( $data ); + + $json = @call_user_func_array( 'json_encode', $args ); // If json_encode() was successful, no need to do more sanity checking. // ... unless we're in an old version of PHP, and json_encode() returned @@ -2756,6 +3093,8 @@ * * @see _wp_json_sanity_check() * + * @staticvar bool $use_mb + * * @param string $string The string which is to be converted. * @return string The checked string. */ @@ -2778,53 +3117,115 @@ } /** + * Prepares response data to be serialized to JSON. + * + * This supports the JsonSerializable interface for PHP 5.2-5.3 as well. + * + * @ignore + * @since 4.4.0 + * @access private + * + * @param mixed $data Native representation. + * @return bool|int|float|null|string|array Data ready for `json_encode()`. + */ +function _wp_json_prepare_data( $data ) { + if ( ! defined( 'WP_JSON_SERIALIZE_COMPATIBLE' ) || WP_JSON_SERIALIZE_COMPATIBLE === false ) { + return $data; + } + + switch ( gettype( $data ) ) { + case 'boolean': + case 'integer': + case 'double': + case 'string': + case 'NULL': + // These values can be passed through. + return $data; + + case 'array': + // Arrays must be mapped in case they also return objects. + return array_map( '_wp_json_prepare_data', $data ); + + case 'object': + // If this is an incomplete object (__PHP_Incomplete_Class), bail. + if ( ! is_object( $data ) ) { + return null; + } + + if ( $data instanceof JsonSerializable ) { + $data = $data->jsonSerialize(); + } else { + $data = get_object_vars( $data ); + } + + // Now, pass the array (or whatever was returned from jsonSerialize through). + return _wp_json_prepare_data( $data ); + + default: + return null; + } +} + +/** * Send a JSON response back to an Ajax request. * * @since 3.5.0 - * - * @param mixed $response Variable (usually an array or object) to encode as JSON, - * then print and die. - */ -function wp_send_json( $response ) { + * @since 4.7.0 The `$status_code` parameter was added. + * + * @param mixed $response Variable (usually an array or object) to encode as JSON, + * then print and die. + * @param int $status_code The HTTP status code to output. + */ +function wp_send_json( $response, $status_code = null ) { @header( 'Content-Type: application/json; charset=' . get_option( 'blog_charset' ) ); + if ( null !== $status_code ) { + status_header( $status_code ); + } echo wp_json_encode( $response ); - if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) - wp_die(); - else + + if ( wp_doing_ajax() ) { + wp_die( '', '', array( + 'response' => null, + ) ); + } else { die; + } } /** * Send a JSON response back to an Ajax request, indicating success. * * @since 3.5.0 - * - * @param mixed $data Data to encode as JSON, then print and die. - */ -function wp_send_json_success( $data = null ) { + * @since 4.7.0 The `$status_code` parameter was added. + * + * @param mixed $data Data to encode as JSON, then print and die. + * @param int $status_code The HTTP status code to output. + */ +function wp_send_json_success( $data = null, $status_code = null ) { $response = array( 'success' => true ); if ( isset( $data ) ) $response['data'] = $data; - wp_send_json( $response ); + wp_send_json( $response, $status_code ); } /** * Send a JSON response back to an Ajax request, indicating failure. * - * If the `$data` parameter is a {@see WP_Error} object, the errors + * If the `$data` parameter is a WP_Error object, the errors * within the object are processed and output as an array of error * codes and corresponding messages. All other types are output * without further processing. * * @since 3.5.0 - * @since 4.1.0 The `$data` parameter is now processed if a {@see WP_Error} - * object is passed in. - * - * @param mixed $data Data to encode as JSON, then print and die. - */ -function wp_send_json_error( $data = null ) { + * @since 4.1.0 The `$data` parameter is now processed if a WP_Error object is passed in. + * @since 4.7.0 The `$status_code` parameter was added. + * + * @param mixed $data Data to encode as JSON, then print and die. + * @param int $status_code The HTTP status code to output. + */ +function wp_send_json_error( $data = null, $status_code = null ) { $response = array( 'success' => false ); if ( isset( $data ) ) { @@ -2842,7 +3243,29 @@ } } - wp_send_json( $response ); + wp_send_json( $response, $status_code ); +} + +/** + * Checks that a JSONP callback is a valid JavaScript callback. + * + * Only allows alphanumeric characters and the dot character in callback + * function names. This helps to mitigate XSS attacks caused by directly + * outputting user input. + * + * @since 4.6.0 + * + * @param string $callback Supplied JSONP callback function. + * @return bool True if valid callback, otherwise false. + */ +function wp_check_jsonp_callback( $callback ) { + if ( ! is_string( $callback ) ) { + return false; + } + + preg_replace( '/[^\w\.]/', '', $callback, -1, $illegal_char_count ); + + return 0 === $illegal_char_count; } /** @@ -2888,6 +3311,16 @@ } /** + * Delete the fresh site option. + * + * @since 4.7.0 + * @access private + */ +function _delete_option_fresh_site() { + update_option( 'fresh_site', '0' ); +} + +/** * Set the localized direction for MCE plugin. * * Will only set the direction to 'rtl', if the WordPress locale has @@ -2896,28 +3329,29 @@ * Fills in the 'directionality' setting, enables the 'directionality' * plugin, and adds the 'ltr' button to 'toolbar1', formerly * 'theme_advanced_buttons1' array keys. These keys are then returned - * in the $input (TinyMCE settings) array. + * in the $mce_init (TinyMCE settings) array. * * @since 2.1.0 * @access private * - * @param array $input MCE settings array. + * @param array $mce_init MCE settings array. * @return array Direction set for 'rtl', if needed by locale. */ -function _mce_set_direction( $input ) { +function _mce_set_direction( $mce_init ) { if ( is_rtl() ) { - $input['directionality'] = 'rtl'; - - if ( ! empty( $input['plugins'] ) && strpos( $input['plugins'], 'directionality' ) === false ) { - $input['plugins'] .= ',directionality'; + $mce_init['directionality'] = 'rtl'; + $mce_init['rtl_ui'] = true; + + if ( ! empty( $mce_init['plugins'] ) && strpos( $mce_init['plugins'], 'directionality' ) === false ) { + $mce_init['plugins'] .= ',directionality'; } - if ( ! empty( $input['toolbar1'] ) && ! preg_match( '/\bltr\b/', $input['toolbar1'] ) ) { - $input['toolbar1'] .= ',ltr'; + if ( ! empty( $mce_init['toolbar1'] ) && ! preg_match( '/\bltr\b/', $mce_init['toolbar1'] ) ) { + $mce_init['toolbar1'] .= ',ltr'; } } - return $input; + return $mce_init; } @@ -2957,7 +3391,7 @@ ':twisted:' => "\xf0\x9f\x98\x88", ':arrow:' => "\xe2\x9e\xa1", ':shock:' => "\xf0\x9f\x98\xaf", - ':smile:' => 'simple-smile.png', + ':smile:' => "\xf0\x9f\x99\x82", ':???:' => "\xf0\x9f\x98\x95", ':cool:' => "\xf0\x9f\x98\x8e", ':evil:' => "\xf0\x9f\x91\xbf", @@ -2965,17 +3399,17 @@ ':idea:' => "\xf0\x9f\x92\xa1", ':oops:' => "\xf0\x9f\x98\xb3", ':razz:' => "\xf0\x9f\x98\x9b", - ':roll:' => 'rolleyes.png', + ':roll:' => "\xf0\x9f\x99\x84", ':wink:' => "\xf0\x9f\x98\x89", ':cry:' => "\xf0\x9f\x98\xa5", ':eek:' => "\xf0\x9f\x98\xae", ':lol:' => "\xf0\x9f\x98\x86", ':mad:' => "\xf0\x9f\x98\xa1", - ':sad:' => 'frownie.png', + ':sad:' => "\xf0\x9f\x99\x81", '8-)' => "\xf0\x9f\x98\x8e", '8-O' => "\xf0\x9f\x98\xaf", - ':-(' => 'frownie.png', - ':-)' => 'simple-smile.png', + ':-(' => "\xf0\x9f\x99\x81", + ':-)' => "\xf0\x9f\x99\x82", ':-?' => "\xf0\x9f\x98\x95", ':-D' => "\xf0\x9f\x98\x80", ':-P' => "\xf0\x9f\x98\x9b", @@ -2986,8 +3420,8 @@ // This one transformation breaks regular text with frequency. // '8)' => "\xf0\x9f\x98\x8e", '8O' => "\xf0\x9f\x98\xaf", - ':(' => 'frownie.png', - ':)' => 'simple-smile.png', + ':(' => "\xf0\x9f\x99\x81", + ':)' => "\xf0\x9f\x99\x82", ':?' => "\xf0\x9f\x98\x95", ':D' => "\xf0\x9f\x98\x80", ':P' => "\xf0\x9f\x98\x9b", @@ -3000,6 +3434,18 @@ ); } + /** + * Filters all the smilies. + * + * This filter must be added before `smilies_init` is run, as + * it is normally only run once to setup the smilies regex. + * + * @since 4.7.0 + * + * @param array $wpsmiliestrans List of the smilies. + */ + $wpsmiliestrans = apply_filters('smilies', $wpsmiliestrans); + if (count($wpsmiliestrans) == 0) { return; } @@ -3046,9 +3492,10 @@ * to be merged into another array. * * @since 2.2.0 - * - * @param string|array $args Value to merge with $defaults - * @param array $defaults Optional. Array that serves as the defaults. Default empty. + * @since 2.3.0 `$args` can now also be an object. + * + * @param string|array|object $args Value to merge with $defaults. + * @param array $defaults Optional. Array that serves as the defaults. Default empty. * @return array Merged user defined values with defaults. */ function wp_parse_args( $args, $defaults = '' ) { @@ -3080,6 +3527,26 @@ } /** + * Clean up an array, comma- or space-separated list of slugs. + * + * @since 4.7.0 + * + * @param array|string $list List of slugs. + * @return array Sanitized array of slugs. + */ +function wp_parse_slug_list( $list ) { + if ( ! is_array( $list ) ) { + $list = preg_split( '/[\s,]+/', $list ); + } + + foreach ( $list as $key => $value ) { + $list[ $key ] = sanitize_title( $value ); + } + + return array_unique( $list ); +} + +/** * Extract a slice of an array, given a list of keys. * * @since 3.1.0 @@ -3098,36 +3565,61 @@ } /** + * Determines if the variable is a numeric-indexed array. + * + * @since 4.4.0 + * + * @param mixed $data Variable to check. + * @return bool Whether the variable is a list. + */ +function wp_is_numeric_array( $data ) { + if ( ! is_array( $data ) ) { + return false; + } + + $keys = array_keys( $data ); + $string_keys = array_filter( $keys, 'is_string' ); + return count( $string_keys ) === 0; +} + +/** * Filters a list of objects, based on a set of key => value arguments. * * @since 3.0.0 + * @since 4.7.0 Uses WP_List_Util class. * * @param array $list An array of objects to filter * @param array $args Optional. An array of key => value arguments to match * against each object. Default empty array. * @param string $operator Optional. The logical operation to perform. 'or' means * only one element from the array needs to match; 'and' - * means all elements must match. Default 'and'. + * means all elements must match; 'not' means no elements may + * match. Default 'and'. * @param bool|string $field A field from the object to place instead of the entire object. * Default false. * @return array A list of objects or object fields. */ function wp_filter_object_list( $list, $args = array(), $operator = 'and', $field = false ) { - if ( ! is_array( $list ) ) + if ( ! is_array( $list ) ) { return array(); - - $list = wp_list_filter( $list, $args, $operator ); - - if ( $field ) - $list = wp_list_pluck( $list, $field ); - - return $list; + } + + $util = new WP_List_Util( $list ); + + $util->filter( $args, $operator ); + + if ( $field ) { + $util->pluck( $field ); + } + + return $util->get_output(); } /** * Filters a list of objects, based on a set of key => value arguments. * * @since 3.1.0 + * @since 4.7.0 Uses WP_List_Util class. * * @param array $list An array of objects to filter. * @param array $args Optional. An array of key => value arguments to match @@ -3139,33 +3631,12 @@ * @return array Array of found values. */ function wp_list_filter( $list, $args = array(), $operator = 'AND' ) { - if ( ! is_array( $list ) ) + if ( ! is_array( $list ) ) { return array(); - - if ( empty( $args ) ) - return $list; - - $operator = strtoupper( $operator ); - $count = count( $args ); - $filtered = array(); - - foreach ( $list as $key => $obj ) { - $to_match = (array) $obj; - - $matched = 0; - foreach ( $args as $m_key => $m_value ) { - if ( array_key_exists( $m_key, $to_match ) && $m_value == $to_match[ $m_key ] ) - $matched++; - } - - if ( ( 'AND' == $operator && $matched == $count ) - || ( 'OR' == $operator && $matched > 0 ) - || ( 'NOT' == $operator && 0 == $matched ) ) { - $filtered[$key] = $obj; - } - } - - return $filtered; + } + + $util = new WP_List_Util( $list ); + return $util->filter( $args, $operator ); } /** @@ -3176,6 +3647,7 @@ * * @since 3.1.0 * @since 4.0.0 $index_key parameter added. + * @since 4.7.0 Uses WP_List_Util class. * * @param array $list List of objects or arrays * @param int|string $field Field from the object to place instead of the entire object @@ -3186,43 +3658,30 @@ * `$list` will be preserved in the results. */ function wp_list_pluck( $list, $field, $index_key = null ) { - if ( ! $index_key ) { - /* - * This is simple. Could at some point wrap array_column() - * if we knew we had an array of arrays. - */ - foreach ( $list as $key => $value ) { - if ( is_object( $value ) ) { - $list[ $key ] = $value->$field; - } else { - $list[ $key ] = $value[ $field ]; - } - } - return $list; - } - - /* - * When index_key is not set for a particular item, push the value - * to the end of the stack. This is how array_column() behaves. - */ - $newlist = array(); - foreach ( $list as $value ) { - if ( is_object( $value ) ) { - if ( isset( $value->$index_key ) ) { - $newlist[ $value->$index_key ] = $value->$field; - } else { - $newlist[] = $value->$field; - } - } else { - if ( isset( $value[ $index_key ] ) ) { - $newlist[ $value[ $index_key ] ] = $value[ $field ]; - } else { - $newlist[] = $value[ $field ]; - } - } - } - - return $newlist; + $util = new WP_List_Util( $list ); + return $util->pluck( $field, $index_key ); +} + +/** + * Sorts a list of objects, based on one or more orderby arguments. + * + * @since 4.7.0 + * + * @param array $list An array of objects to filter. + * @param string|array $orderby Optional. Either the field name to order by or an array + * of multiple orderby fields as $orderby => $order. + * @param string $order Optional. Either 'ASC' or 'DESC'. Only used if $orderby + * is a string. + * @param bool $preserve_keys Optional. Whether to preserve keys. Default false. + * @return array The sorted array. + */ +function wp_list_sort( $list, $orderby = array(), $order = 'ASC', $preserve_keys = false ) { + if ( ! is_array( $list ) ) { + return array(); + } + + $util = new WP_List_Util( $list ); + return $util->sort( $orderby, $order, $preserve_keys ); } /** @@ -3235,7 +3694,7 @@ */ function wp_maybe_load_widgets() { /** - * Filter whether to load the Widgets library. + * Filters whether to load the Widgets library. * * Passing a falsey value to the filter will effectively short-circuit * the Widgets library from loading. @@ -3258,6 +3717,8 @@ * Append the Widgets menu to the themes main menu. * * @since 2.2.0 + * + * @global array $submenu */ function wp_widgets_add_menu() { global $submenu; @@ -3312,7 +3773,7 @@ } // If installing or in the admin, provide the verbose message. - if ( defined('WP_INSTALLING') || defined('WP_ADMIN') ) + if ( wp_installing() || defined( 'WP_ADMIN' ) ) wp_die($wpdb->error); // Otherwise, be terse. @@ -3350,11 +3811,11 @@ /** * Mark a function as deprecated and inform when it has been used. * - * There is a hook deprecated_function_run that will be called that can be used + * There is a {@see 'hook deprecated_function_run'} that will be called that can be used * to get the backtrace up to what file and function called the deprecated * function. * - * The current behavior is to trigger a user error if WP_DEBUG is true. + * The current behavior is to trigger a user error if `WP_DEBUG` is true. * * This function is to be used in every function that is deprecated. * @@ -3379,7 +3840,7 @@ do_action( 'deprecated_function_run', $function, $replacement, $version ); /** - * Filter whether to trigger an error for deprecated functions. + * Filters whether to trigger an error for deprecated functions. * * @since 2.5.0 * @@ -3387,27 +3848,98 @@ */ if ( WP_DEBUG && apply_filters( 'deprecated_function_trigger_error', true ) ) { if ( function_exists( '__' ) ) { - if ( ! is_null( $replacement ) ) + if ( ! is_null( $replacement ) ) { + /* translators: 1: PHP function name, 2: version number, 3: alternative function name */ trigger_error( sprintf( __('%1$s is deprecated since version %2$s! Use %3$s instead.'), $function, $version, $replacement ) ); - else + } else { + /* translators: 1: PHP function name, 2: version number */ trigger_error( sprintf( __('%1$s is deprecated since version %2$s with no alternative available.'), $function, $version ) ); + } } else { - if ( ! is_null( $replacement ) ) + if ( ! is_null( $replacement ) ) { trigger_error( sprintf( '%1$s is deprecated since version %2$s! Use %3$s instead.', $function, $version, $replacement ) ); - else + } else { trigger_error( sprintf( '%1$s is deprecated since version %2$s with no alternative available.', $function, $version ) ); + } } } } /** + * Marks a constructor as deprecated and informs when it has been used. + * + * Similar to _deprecated_function(), but with different strings. Used to + * remove PHP4 style constructors. + * + * The current behavior is to trigger a user error if `WP_DEBUG` is true. + * + * This function is to be used in every PHP4 style constructor method that is deprecated. + * + * @since 4.3.0 + * @since 4.5.0 Added the `$parent_class` parameter. + * + * @access private + * + * @param string $class The class containing the deprecated constructor. + * @param string $version The version of WordPress that deprecated the function. + * @param string $parent_class Optional. The parent class calling the deprecated constructor. + * Default empty string. + */ +function _deprecated_constructor( $class, $version, $parent_class = '' ) { + + /** + * Fires when a deprecated constructor is called. + * + * @since 4.3.0 + * @since 4.5.0 Added the `$parent_class` parameter. + * + * @param string $class The class containing the deprecated constructor. + * @param string $version The version of WordPress that deprecated the function. + * @param string $parent_class The parent class calling the deprecated constructor. + */ + do_action( 'deprecated_constructor_run', $class, $version, $parent_class ); + + /** + * Filters whether to trigger an error for deprecated functions. + * + * `WP_DEBUG` must be true in addition to the filter evaluating to true. + * + * @since 4.3.0 + * + * @param bool $trigger Whether to trigger the error for deprecated functions. Default true. + */ + if ( WP_DEBUG && apply_filters( 'deprecated_constructor_trigger_error', true ) ) { + if ( function_exists( '__' ) ) { + if ( ! empty( $parent_class ) ) { + /* translators: 1: PHP class name, 2: PHP parent class name, 3: version number, 4: __construct() method */ + trigger_error( sprintf( __( 'The called constructor method for %1$s in %2$s is deprecated since version %3$s! Use %4$s instead.' ), + $class, $parent_class, $version, '

__construct()
' ) ); + } else { + /* translators: 1: PHP class name, 2: version number, 3: __construct() method */ + trigger_error( sprintf( __( 'The called constructor method for %1$s is deprecated since version %2$s! Use %3$s instead.' ), + $class, $version, '
__construct()
' ) ); + } + } else { + if ( ! empty( $parent_class ) ) { + trigger_error( sprintf( 'The called constructor method for %1$s in %2$s is deprecated since version %3$s! Use %4$s instead.', + $class, $parent_class, $version, '
__construct()
' ) ); + } else { + trigger_error( sprintf( 'The called constructor method for %1$s is deprecated since version %2$s! Use %3$s instead.', + $class, $version, '
__construct()
' ) ); + } + } + } + +} + +/** * Mark a file as deprecated and inform when it has been used. * - * There is a hook deprecated_file_included that will be called that can be used + * There is a hook {@see 'deprecated_file_included'} that will be called that can be used * to get the backtrace up to what file and function included the deprecated * file. * - * The current behavior is to trigger a user error if WP_DEBUG is true. + * The current behavior is to trigger a user error if `WP_DEBUG` is true. * * This function is to be used in every file that is deprecated. * @@ -3435,7 +3967,7 @@ do_action( 'deprecated_file_included', $file, $replacement, $version, $message ); /** - * Filter whether to trigger an error for deprecated files. + * Filters whether to trigger an error for deprecated files. * * @since 2.5.0 * @@ -3444,15 +3976,19 @@ if ( WP_DEBUG && apply_filters( 'deprecated_file_trigger_error', true ) ) { $message = empty( $message ) ? '' : ' ' . $message; if ( function_exists( '__' ) ) { - if ( ! is_null( $replacement ) ) + if ( ! is_null( $replacement ) ) { + /* translators: 1: PHP file name, 2: version number, 3: alternative file name */ trigger_error( sprintf( __('%1$s is deprecated since version %2$s! Use %3$s instead.'), $file, $version, $replacement ) . $message ); - else + } else { + /* translators: 1: PHP file name, 2: version number */ trigger_error( sprintf( __('%1$s is deprecated since version %2$s with no alternative available.'), $file, $version ) . $message ); + } } else { - if ( ! is_null( $replacement ) ) + if ( ! is_null( $replacement ) ) { trigger_error( sprintf( '%1$s is deprecated since version %2$s! Use %3$s instead.', $file, $version, $replacement ) . $message ); - else + } else { trigger_error( sprintf( '%1$s is deprecated since version %2$s with no alternative available.', $file, $version ) . $message ); + } } } } @@ -3465,7 +4001,7 @@ * For example: * * if ( ! empty( $deprecated ) ) { - * _deprecated_argument( __FUNCTION__, '3.0' ); + * _deprecated_argument( __FUNCTION__, '3.0.0' ); * } * * @@ -3496,7 +4032,7 @@ do_action( 'deprecated_argument_run', $function, $message, $version ); /** - * Filter whether to trigger an error for deprecated arguments. + * Filters whether to trigger an error for deprecated arguments. * * @since 3.0.0 * @@ -3504,15 +4040,71 @@ */ if ( WP_DEBUG && apply_filters( 'deprecated_argument_trigger_error', true ) ) { if ( function_exists( '__' ) ) { - if ( ! is_null( $message ) ) + if ( ! is_null( $message ) ) { + /* translators: 1: PHP function name, 2: version number, 3: optional message regarding the change */ trigger_error( sprintf( __('%1$s was called with an argument that is deprecated since version %2$s! %3$s'), $function, $version, $message ) ); - else + } else { + /* translators: 1: PHP function name, 2: version number */ trigger_error( sprintf( __('%1$s was called with an argument that is deprecated since version %2$s with no alternative available.'), $function, $version ) ); + } } else { - if ( ! is_null( $message ) ) + if ( ! is_null( $message ) ) { trigger_error( sprintf( '%1$s was called with an argument that is deprecated since version %2$s! %3$s', $function, $version, $message ) ); - else + } else { trigger_error( sprintf( '%1$s was called with an argument that is deprecated since version %2$s with no alternative available.', $function, $version ) ); + } + } + } +} + +/** + * Marks a deprecated action or filter hook as deprecated and throws a notice. + * + * Use the {@see 'deprecated_hook_run'} action to get the backtrace describing where + * the deprecated hook was called. + * + * Default behavior is to trigger a user error if `WP_DEBUG` is true. + * + * This function is called by the do_action_deprecated() and apply_filters_deprecated() + * functions, and so generally does not need to be called directly. + * + * @since 4.6.0 + * @access private + * + * @param string $hook The hook that was used. + * @param string $version The version of WordPress that deprecated the hook. + * @param string $replacement Optional. The hook that should have been used. + * @param string $message Optional. A message regarding the change. + */ +function _deprecated_hook( $hook, $version, $replacement = null, $message = null ) { + /** + * Fires when a deprecated hook is called. + * + * @since 4.6.0 + * + * @param string $hook The hook that was called. + * @param string $replacement The hook that should be used as a replacement. + * @param string $version The version of WordPress that deprecated the argument used. + * @param string $message A message regarding the change. + */ + do_action( 'deprecated_hook_run', $hook, $replacement, $version, $message ); + + /** + * Filters whether to trigger deprecated hook errors. + * + * @since 4.6.0 + * + * @param bool $trigger Whether to trigger deprecated hook errors. Requires + * `WP_DEBUG` to be defined true. + */ + if ( WP_DEBUG && apply_filters( 'deprecated_hook_trigger_error', true ) ) { + $message = empty( $message ) ? '' : ' ' . $message; + if ( ! is_null( $replacement ) ) { + /* translators: 1: WordPress hook name, 2: version number, 3: alternative hook name */ + trigger_error( sprintf( __( '%1$s is deprecated since version %2$s! Use %3$s instead.' ), $hook, $version, $replacement ) . $message ); + } else { + /* translators: 1: WordPress hook name, 2: version number */ + trigger_error( sprintf( __( '%1$s is deprecated since version %2$s with no alternative available.' ), $hook, $version ) . $message ); } } } @@ -3520,11 +4112,11 @@ /** * Mark something as being incorrectly called. * - * There is a hook doing_it_wrong_run that will be called that can be used + * There is a hook {@see 'doing_it_wrong_run'} that will be called that can be used * to get the backtrace up to what file and function called the deprecated * function. * - * The current behavior is to trigger a user error if WP_DEBUG is true. + * The current behavior is to trigger a user error if `WP_DEBUG` is true. * * @since 3.1.0 * @access private @@ -3547,7 +4139,7 @@ do_action( 'doing_it_wrong_run', $function, $message, $version ); /** - * Filter whether to trigger an error for _doing_it_wrong() calls. + * Filters whether to trigger an error for _doing_it_wrong() calls. * * @since 3.1.0 * @@ -3555,12 +4147,27 @@ */ if ( WP_DEBUG && apply_filters( 'doing_it_wrong_trigger_error', true ) ) { if ( function_exists( '__' ) ) { - $version = is_null( $version ) ? '' : sprintf( __( '(This message was added in version %s.)' ), $version ); - $message .= ' ' . __( 'Please see Debugging in WordPress for more information.' ); + if ( is_null( $version ) ) { + $version = ''; + } else { + /* translators: %s: version number */ + $version = sprintf( __( '(This message was added in version %s.)' ), $version ); + } + /* translators: %s: Codex URL */ + $message .= ' ' . sprintf( __( 'Please see Debugging in WordPress for more information.' ), + __( 'https://codex.wordpress.org/Debugging_in_WordPress' ) + ); + /* translators: Developer debugging message. 1: PHP function name, 2: Explanatory message, 3: Version information message */ trigger_error( sprintf( __( '%1$s was called incorrectly. %2$s %3$s' ), $function, $message, $version ) ); } else { - $version = is_null( $version ) ? '' : sprintf( '(This message was added in version %s.)', $version ); - $message .= ' Please see Debugging in WordPress for more information.'; + if ( is_null( $version ) ) { + $version = ''; + } else { + $version = sprintf( '(This message was added in version %s.)', $version ); + } + $message .= sprintf( ' Please see Debugging in WordPress for more information.', + 'https://codex.wordpress.org/Debugging_in_WordPress' + ); trigger_error( sprintf( '%1$s was called incorrectly. %2$s %3$s', $function, $message, $version ) ); } } @@ -3584,6 +4191,8 @@ * * @since 2.5.0 * + * @global bool $is_apache + * * @param string $mod The module, e.g. mod_rewrite. * @param bool $default Optional. The default return value if the module is not found. Default false. * @return bool Whether the specified module is loaded. @@ -3613,6 +4222,8 @@ * * @since 2.8.0 * + * @global bool $is_iis7 + * * @return bool Whether IIS7 supports permalinks. */ function iis7_supports_permalinks() { @@ -3629,11 +4240,11 @@ * Lastly we make sure that PHP is running via FastCGI. This is important because if it runs * via ISAPI then pretty permalinks will not work. */ - $supports_permalinks = class_exists('DOMDocument') && isset($_SERVER['IIS_UrlRewriteModule']) && ( PHP_SAPI == 'cgi-fcgi' ); + $supports_permalinks = class_exists( 'DOMDocument', false ) && isset($_SERVER['IIS_UrlRewriteModule']) && ( PHP_SAPI == 'cgi-fcgi' ); } /** - * Filter whether IIS 7+ supports pretty permalinks. + * Filters whether IIS 7+ supports pretty permalinks. * * @since 2.8.0 * @@ -3643,29 +4254,41 @@ } /** - * File validates against allowed set of defined rules. - * - * A return value of '1' means that the $file contains either '..' or './'. A - * return value of '2' means that the $file contains ':' after the first - * character. A return value of '3' means that the file is not in the allowed - * files list. + * Validates a file name and path against an allowed set of rules. + * + * A return value of `1` means the file path contains directory traversal. + * + * A return value of `2` means the file path contains a Windows drive path. + * + * A return value of `3` means the file is not in the allowed files list. * * @since 1.2.0 * - * @param string $file File path. - * @param array $allowed_files List of allowed files. + * @param string $file File path. + * @param array $allowed_files Optional. List of allowed files. * @return int 0 means nothing is wrong, greater than 0 means something was wrong. */ -function validate_file( $file, $allowed_files = '' ) { - if ( false !== strpos( $file, '..' ) ) +function validate_file( $file, $allowed_files = array() ) { + // `../` on its own is not allowed: + if ( '../' === $file ) { + return 1; + } + + // More than one occurence of `../` is not allowed: + if ( preg_match_all( '#\.\./#', $file, $matches, PREG_SET_ORDER ) && ( count( $matches ) > 1 ) ) { return 1; - - if ( false !== strpos( $file, './' ) ) + } + + // `../` which does not occur at the end of the path is not allowed: + if ( false !== strpos( $file, '../' ) && '../' !== mb_substr( $file, -3, 3 ) ) { return 1; - + } + + // Files not in the allowed file list are not allowed: if ( ! empty( $allowed_files ) && ! in_array( $file, $allowed_files ) ) return 3; + // Absolute Windows drive paths are not allowed: if (':' == substr( $file, 1, 1 ) ) return 2; @@ -3673,43 +4296,12 @@ } /** - * Determine if SSL is used. - * - * @since 2.6.0 - * - * @return bool True if SSL, false if not used. - */ -function is_ssl() { - if ( isset($_SERVER['HTTPS']) ) { - if ( 'on' == strtolower($_SERVER['HTTPS']) ) - return true; - if ( '1' == $_SERVER['HTTPS'] ) - return true; - } elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) ) { - return true; - } - return false; -} - -/** - * Whether SSL login should be forced. - * - * @since 2.6.0 - * - * @see force_ssl_admin() - * - * @param string|bool $force Optional Whether to force SSL login. Default null. - * @return bool True if forced, false if not forced. - */ -function force_ssl_login( $force = null ) { - return force_ssl_admin( $force ); -} - -/** * Whether to force SSL used for the Administration Screens. * * @since 2.6.0 * + * @staticvar bool $forced + * * @param string|bool $force Optional. Whether to force SSL in admin screens. Default null. * @return bool True if forced, false if not forced. */ @@ -3755,12 +4347,12 @@ if ( false !== strpos( $_SERVER['SCRIPT_FILENAME'], $abspath_fix ) ) { // Request is hitting a file inside ABSPATH $directory = str_replace( ABSPATH, '', $script_filename_dir ); - // Strip off the sub directory, and any file/query paramss + // Strip off the sub directory, and any file/query params $path = preg_replace( '#/' . preg_quote( $directory, '#' ) . '/[^/]*$#i', '' , $_SERVER['REQUEST_URI'] ); } elseif ( false !== strpos( $abspath_fix, $script_filename_dir ) ) { // Request is hitting a file above ABSPATH $subdirectory = substr( $abspath_fix, strpos( $abspath_fix, $script_filename_dir ) + strlen( $script_filename_dir ) ); - // Strip off any file/query params from the path, appending the sub directory to the install + // Strip off any file/query params from the path, appending the sub directory to the installation $path = preg_replace( '#/[^/]*$#i', '' , $_SERVER['REQUEST_URI'] ) . $subdirectory; } else { $path = $_SERVER['REQUEST_URI']; @@ -3786,6 +4378,8 @@ * * @since 3.3.0 * + * @staticvar bool $_suspend + * * @param bool $suspend Optional. Suspends additions if true, re-enables them if false. * @return bool The current suspend setting */ @@ -3801,12 +4395,14 @@ /** * Suspend cache invalidation. * - * Turns cache invalidation on and off. Useful during imports where you don't wont to do + * Turns cache invalidation on and off. Useful during imports where you don't want to do * invalidations every time a post is inserted. Callers must be sure that what they are * doing won't lead to an inconsistent cache when invalidation is suspended. * * @since 2.7.0 * + * @global bool $_wp_suspend_cache_invalidation + * * @param bool $suspend Optional. Whether to suspend or enable cache invalidation. Default true. * @return bool The current suspend setting. */ @@ -3822,27 +4418,52 @@ * Determine whether a site is the main site of the current network. * * @since 3.0.0 - * - * @param int $site_id Optional. Site ID to test. Defaults to current site. - * Defaults to current site. + * @since 4.9.0 The $network_id parameter has been added. + * + * @param int $site_id Optional. Site ID to test. Defaults to current site. + * @param int $network_id Optional. Network ID of the network to check for. + * Defaults to current network. * @return bool True if $site_id is the main site of the network, or if not * running Multisite. */ -function is_main_site( $site_id = null ) { - // This is the current network's information; 'site' is old terminology. - global $current_site; - - if ( ! is_multisite() ) +function is_main_site( $site_id = null, $network_id = null ) { + if ( ! is_multisite() ) { return true; - - if ( ! $site_id ) + } + + if ( ! $site_id ) { $site_id = get_current_blog_id(); - - return (int) $site_id === (int) $current_site->blog_id; + } + + $site_id = (int) $site_id; + + return $site_id === get_main_site_id( $network_id ); } /** - * Determine whether a network is the main network of the Multisite install. + * Gets the main site ID. + * + * @since 4.9.0 + * + * @param int $network_id Optional. The ID of the network for which to get the main site. + * Defaults to the current network. + * @return int The ID of the main site. + */ +function get_main_site_id( $network_id = null ) { + if ( ! is_multisite() ) { + return get_current_blog_id(); + } + + $network = get_network( $network_id ); + if ( ! $network ) { + return 0; + } + + return $network->site_id; +} + +/** + * Determine whether a network is the main network of the Multisite installation. * * @since 3.7.0 * @@ -3850,32 +4471,51 @@ * @return bool True if $network_id is the main network, or if not running Multisite. */ function is_main_network( $network_id = null ) { - global $wpdb; - - if ( ! is_multisite() ) + if ( ! is_multisite() ) { return true; - - $current_network_id = (int) get_current_site()->id; - - if ( ! $network_id ) - $network_id = $current_network_id; + } + + if ( null === $network_id ) { + $network_id = get_current_network_id(); + } + $network_id = (int) $network_id; - if ( defined( 'PRIMARY_NETWORK_ID' ) ) - return $network_id === (int) PRIMARY_NETWORK_ID; - - if ( 1 === $current_network_id ) - return $network_id === $current_network_id; - - $primary_network_id = (int) wp_cache_get( 'primary_network_id', 'site-options' ); - - if ( $primary_network_id ) - return $network_id === $primary_network_id; - - $primary_network_id = (int) $wpdb->get_var( "SELECT id FROM $wpdb->site ORDER BY id LIMIT 1" ); - wp_cache_add( 'primary_network_id', $primary_network_id, 'site-options' ); - - return $network_id === $primary_network_id; + return ( $network_id === get_main_network_id() ); +} + +/** + * Get the main network ID. + * + * @since 4.3.0 + * + * @return int The ID of the main network. + */ +function get_main_network_id() { + if ( ! is_multisite() ) { + return 1; + } + + $current_network = get_network(); + + if ( defined( 'PRIMARY_NETWORK_ID' ) ) { + $main_network_id = PRIMARY_NETWORK_ID; + } elseif ( isset( $current_network->id ) && 1 === (int) $current_network->id ) { + // If the current network has an ID of 1, assume it is the main network. + $main_network_id = 1; + } else { + $_networks = get_networks( array( 'fields' => 'ids', 'number' => 1 ) ); + $main_network_id = array_shift( $_networks ); + } + + /** + * Filters the main network ID. + * + * @since 4.3.0 + * + * @param int $main_network_id The ID of the main network. + */ + return (int) apply_filters( 'get_main_network_id', $main_network_id ); } /** @@ -3883,6 +4523,8 @@ * * @since 3.0.0 * + * @staticvar bool $global_terms + * * @return bool True if multisite and global terms enabled. */ function global_terms_enabled() { @@ -3893,14 +4535,14 @@ if ( is_null( $global_terms ) ) { /** - * Filter whether global terms are enabled. + * Filters whether global terms are enabled. * * Passing a non-null value to the filter will effectively short-circuit the function, * returning the value of the 'global_terms_enabled' site option instead. * * @since 3.0.0 * - * @param null $anbled Whether global terms are enabled. + * @param null $enabled Whether global terms are enabled. */ $filter = apply_filters( 'global_terms_enabled', null ); if ( ! is_null( $filter ) ) @@ -3918,7 +4560,7 @@ * * @since 2.8.0 * - * @return float|bool Timezone GMT offset, false otherwise. + * @return float|false Timezone GMT offset, false otherwise. */ function wp_timezone_override_offset() { if ( !$timezone_string = get_option( 'timezone_string' ) ) { @@ -3985,19 +4627,25 @@ * Gives a nicely-formatted list of timezone strings. * * @since 2.9.0 + * @since 4.7.0 Added the `$locale` parameter. + * + * @staticvar bool $mo_loaded + * @staticvar string $locale_loaded * * @param string $selected_zone Selected timezone. + * @param string $locale Optional. Locale to load the timezones in. Default current site locale. * @return string */ -function wp_timezone_choice( $selected_zone ) { - static $mo_loaded = false; +function wp_timezone_choice( $selected_zone, $locale = null ) { + static $mo_loaded = false, $locale_loaded = null; $continents = array( 'Africa', 'America', 'Antarctica', 'Arctic', 'Asia', 'Atlantic', 'Australia', 'Europe', 'Indian', 'Pacific'); - // Load translations for continents and cities - if ( !$mo_loaded ) { - $locale = get_locale(); - $mofile = WP_LANG_DIR . '/continents-cities-' . $locale . '.mo'; + // Load translations for continents and cities. + if ( ! $mo_loaded || $locale !== $locale_loaded ) { + $locale_loaded = $locale ? $locale : get_locale(); + $mofile = WP_LANG_DIR . '/continents-cities-' . $locale_loaded . '.mo'; + unload_textdomain( 'continents-cities' ); load_textdomain( 'continents-cities', $mofile ); $mo_loaded = true; } @@ -4132,13 +4780,15 @@ * The default value of `EMPTY_TRASH_DAYS` is 30 (days). * * @since 2.9.0 + * + * @global wpdb $wpdb WordPress database abstraction object. */ function wp_scheduled_delete() { global $wpdb; $delete_timestamp = time() - ( DAY_IN_SECONDS * EMPTY_TRASH_DAYS ); - $posts_to_delete = $wpdb->get_results($wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = '_wp_trash_meta_time' AND meta_value < '%d'", $delete_timestamp), ARRAY_A); + $posts_to_delete = $wpdb->get_results($wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = '_wp_trash_meta_time' AND meta_value < %d", $delete_timestamp), ARRAY_A); foreach ( (array) $posts_to_delete as $post ) { $post_id = (int) $post['post_id']; @@ -4155,7 +4805,7 @@ } } - $comments_to_delete = $wpdb->get_results($wpdb->prepare("SELECT comment_id FROM $wpdb->commentmeta WHERE meta_key = '_wp_trash_meta_time' AND meta_value < '%d'", $delete_timestamp), ARRAY_A); + $comments_to_delete = $wpdb->get_results($wpdb->prepare("SELECT comment_id FROM $wpdb->commentmeta WHERE meta_key = '_wp_trash_meta_time' AND meta_value < %d", $delete_timestamp), ARRAY_A); foreach ( (array) $comments_to_delete as $comment ) { $comment_id = (int) $comment['comment_id']; @@ -4168,7 +4818,7 @@ delete_comment_meta($comment_id, '_wp_trash_meta_time'); delete_comment_meta($comment_id, '_wp_trash_meta_status'); } else { - wp_delete_comment($comment_id); + wp_delete_comment( $del_comment ); } } } @@ -4189,7 +4839,7 @@ * * @param string $file Path to the file. * @param array $default_headers List of headers, in the format array('HeaderKey' => 'Header Name'). - * @param string $context Optional. If specified adds filter hook "extra_{$context}_headers". + * @param string $context Optional. If specified adds filter hook {@see 'extra_$context_headers'}. * Default empty. * @return array Array of file headers in `HeaderKey => Header Value` format. */ @@ -4207,7 +4857,7 @@ $file_data = str_replace( "\r", "\n", $file_data ); /** - * Filter extra file headers by context. + * Filters extra file headers by context. * * The dynamic portion of the hook name, `$context`, refers to * the context where extra headers might be loaded. @@ -4242,7 +4892,7 @@ * * @see __return_false() * - * @return bool True. + * @return true True. */ function __return_true() { return true; @@ -4257,7 +4907,7 @@ * * @see __return_true() * - * @return bool False. + * @return false False. */ function __return_false() { return false; @@ -4322,8 +4972,8 @@ * * @since 3.0.0 * - * @see http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx - * @see http://src.chromium.org/viewvc/chrome?view=rev&revision=6985 + * @see https://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx + * @see https://src.chromium.org/viewvc/chrome?view=rev&revision=6985 */ function send_nosniff_header() { @header( 'X-Content-Type-Options: nosniff' ); @@ -4360,7 +5010,7 @@ * @since 3.1.0 * @access private * - * @param callback $callback Function that accepts ( ID, $callback_args ) and outputs parent_ID. + * @param callable $callback Function that accepts ( ID, $callback_args ) and outputs parent_ID. * @param int $start The ID to start the loop check at. * @param int $start_parent The parent_ID of $start to use instead of calling $callback( $start ). * Use null to always use $callback @@ -4385,7 +5035,7 @@ * @since 3.1.0 * @access private * - * @param callback $callback Function that accepts ( ID, callback_arg, ... ) and outputs parent_ID. + * @param callable $callback Function that accepts ( ID, callback_arg, ... ) and outputs parent_ID. * @param int $start The ID to start the loop check at. * @param array $override Optional. An array of ( ID => parent_ID, ... ) to use instead of $callback. * Default empty array. @@ -4438,26 +5088,34 @@ * Retrieve a list of protocols to allow in HTML attributes. * * @since 3.3.0 + * @since 4.3.0 Added 'webcal' to the protocols array. + * @since 4.7.0 Added 'urn' to the protocols array. * * @see wp_kses() * @see esc_url() * - * @return array Array of allowed protocols. + * @staticvar array $protocols + * + * @return array Array of allowed protocols. Defaults to an array containing 'http', 'https', + * 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', + * 'mms', 'rtsp', 'svn', 'tel', 'fax', 'xmpp', 'webcal', and 'urn'. */ function wp_allowed_protocols() { - static $protocols; + static $protocols = array(); if ( empty( $protocols ) ) { - $protocols = array( 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn', 'tel', 'fax', 'xmpp' ); - + $protocols = array( 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn', 'tel', 'fax', 'xmpp', 'webcal', 'urn' ); + } + + if ( ! did_action( 'wp_loaded' ) ) { /** - * Filter the list of protocols allowed in HTML attributes. + * Filters the list of protocols allowed in HTML attributes. * * @since 3.0.0 * * @param array $protocols Array of allowed protocols e.g. 'http', 'ftp', 'tel', and more. */ - $protocols = apply_filters( 'kses_allowed_protocols', $protocols ); + $protocols = array_unique( (array) apply_filters( 'kses_allowed_protocols', $protocols ) ); } return $protocols; @@ -4543,7 +5201,7 @@ * @since 3.4.0 * @access private * - * @return bool true|false Whether the device is able to upload files. + * @return bool Whether the device is able to upload files. */ function _device_can_upload() { if ( ! wp_is_mobile() ) @@ -4563,12 +5221,20 @@ /** * Test if a given path is a stream URL * + * @since 3.5.0 + * * @param string $path The resource path or URL. * @return bool True if the path is a stream URL. */ function wp_is_stream( $path ) { - $wrappers = stream_get_wrappers(); - $wrappers_re = '(' . join('|', $wrappers) . ')'; + if ( false === strpos( $path, '://' ) ) { + // $path isn't a stream + return false; + } + + $wrappers = stream_get_wrappers(); + $wrappers = array_map( 'preg_quote', $wrappers ); + $wrappers_re = '(' . join( '|', $wrappers ) . ')'; return preg_match( "!^$wrappers_re://!", $path ) === 1; } @@ -4588,7 +5254,7 @@ */ function wp_checkdate( $month, $day, $year, $source_date ) { /** - * Filter whether the given date is valid for the Gregorian calendar. + * Filters whether the given date is valid for the Gregorian calendar. * * @since 3.5.0 * @@ -4604,7 +5270,7 @@ * Can be disabled with remove_action( 'admin_enqueue_scripts', 'wp_auth_check_load' ); * * This is disabled for certain screens where a login screen could cause an - * inconvenient interruption. A filter called wp_auth_check_load can be used + * inconvenient interruption. A filter called {@see 'wp_auth_check_load'} can be used * for fine-grained control. * * @since 3.6.0 @@ -4621,7 +5287,7 @@ $show = ! in_array( $screen->id, $hidden ); /** - * Filter whether to load the authentication check. + * Filters whether to load the authentication check. * * Passing a falsey value to the filter will effectively short-circuit * loading the authentication check. @@ -4651,7 +5317,7 @@ $same_domain = ( strpos( $login_url, $current_domain ) === 0 ); /** - * Filter whether the authentication check originated at the same domain. + * Filters whether the authentication check originated at the same domain. * * @since 3.6.0 * @@ -4664,12 +5330,16 @@
-
+ '1', + 'wp_lang' => get_user_locale(), + ), $login_url ); ?> -
+
ID; + + ?> + + $wp_max_limit_int && $filtered_limit_int > $current_limit_int ) ) { + if ( false !== @ini_set( 'memory_limit', $filtered_limit ) ) { + return $filtered_limit; + } else { + return false; + } + } elseif ( -1 === $wp_max_limit_int || $wp_max_limit_int > $current_limit_int ) { + if ( false !== @ini_set( 'memory_limit', $wp_max_limit ) ) { + return $wp_max_limit; + } else { + return false; + } + } + + return false; +} + +/** + * Generate a random UUID (version 4). + * + * @since 4.7.0 + * + * @return string UUID. + */ +function wp_generate_uuid4() { + return sprintf( '%04x%04x-%04x-%04x-%04x-%04x%04x%04x', + mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), + mt_rand( 0, 0xffff ), + mt_rand( 0, 0x0fff ) | 0x4000, + mt_rand( 0, 0x3fff ) | 0x8000, + mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ), mt_rand( 0, 0xffff ) + ); +} + +/** + * Validates that a UUID is valid. + * + * @since 4.9.0 + * + * @param mixed $uuid UUID to check. + * @param int $version Specify which version of UUID to check against. Default is none, to accept any UUID version. Otherwise, only version allowed is `4`. + * @return bool The string is a valid UUID or false on failure. + */ +function wp_is_uuid( $uuid, $version = null ) { + + if ( ! is_string( $uuid ) ) { + return false; + } + + if ( is_numeric( $version ) ) { + if ( 4 !== (int) $version ) { + _doing_it_wrong( __FUNCTION__, __( 'Only UUID V4 is supported at this time.' ), '4.9.0' ); + return false; + } + $regex = '/^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/'; + } else { + $regex = '/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/'; + } + + return (bool) preg_match( $regex, $uuid ); +} + +/** + * Get last changed date for the specified cache group. + * + * @since 4.7.0 + * + * @param string $group Where the cache contents are grouped. + * + * @return string $last_changed UNIX timestamp with microseconds representing when the group was last changed. + */ +function wp_cache_get_last_changed( $group ) { + $last_changed = wp_cache_get( 'last_changed', $group ); + + if ( ! $last_changed ) { + $last_changed = microtime(); + wp_cache_set( 'last_changed', $last_changed, $group ); + } + + return $last_changed; +} + +/** + * Send an email to the old site admin email address when the site admin email address changes. + * + * @since 4.9.0 + * + * @param string $old_email The old site admin email address. + * @param string $new_email The new site admin email address. + * @param string $option_name The relevant database option name. + */ +function wp_site_admin_email_change_notification( $old_email, $new_email, $option_name ) { + $send = true; + + // Don't send the notification to the default 'admin_email' value. + if ( 'you@example.com' === $old_email ) { + $send = false; + } + + /** + * Filters whether to send the site admin email change notification email. + * + * @since 4.9.0 + * + * @param bool $send Whether to send the email notification. + * @param string $old_email The old site admin email address. + * @param string $new_email The new site admin email address. + */ + $send = apply_filters( 'send_site_admin_email_change_email', $send, $old_email, $new_email ); + + if ( ! $send ) { + return; + } + + /* translators: Do not translate OLD_EMAIL, NEW_EMAIL, SITENAME, SITEURL: those are placeholders. */ + $email_change_text = __( 'Hi, + +This notice confirms that the admin email address was changed on ###SITENAME###. + +The new admin email address is ###NEW_EMAIL###. + +This email has been sent to ###OLD_EMAIL### + +Regards, +All at ###SITENAME### +###SITEURL###' ); + + $email_change_email = array( + 'to' => $old_email, + /* translators: Site admin email change notification email subject. %s: Site title */ + 'subject' => __( '[%s] Notice of Admin Email Change' ), + 'message' => $email_change_text, + 'headers' => '', + ); + // get site name + $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); + + /** + * Filters the contents of the email notification sent when the site admin email address is changed. + * + * @since 4.9.0 + * + * @param array $email_change_email { + * Used to build wp_mail(). + * + * @type string $to The intended recipient. + * @type string $subject The subject of the email. + * @type string $message The content of the email. + * The following strings have a special meaning and will get replaced dynamically: + * - ###OLD_EMAIL### The old site admin email address. + * - ###NEW_EMAIL### The new site admin email address. + * - ###SITENAME### The name of the site. + * - ###SITEURL### The URL to the site. + * @type string $headers Headers. + * } + * @param string $old_email The old site admin email address. + * @param string $new_email The new site admin email address. + */ + $email_change_email = apply_filters( 'site_admin_email_change_email', $email_change_email, $old_email, $new_email ); + + $email_change_email['message'] = str_replace( '###OLD_EMAIL###', $old_email, $email_change_email['message'] ); + $email_change_email['message'] = str_replace( '###NEW_EMAIL###', $new_email, $email_change_email['message'] ); + $email_change_email['message'] = str_replace( '###SITENAME###', $site_name, $email_change_email['message'] ); + $email_change_email['message'] = str_replace( '###SITEURL###', home_url(), $email_change_email['message'] ); + + wp_mail( $email_change_email['to'], sprintf( + $email_change_email['subject'], + $site_name + ), $email_change_email['message'], $email_change_email['headers'] ); +} + +/** + * Return an anonymized IPv4 or IPv6 address. + * + * @since 4.9.6 Abstracted from `WP_Community_Events::get_unsafe_client_ip()`. + * + * @param string $ip_addr The IPv4 or IPv6 address to be anonymized. + * @param bool $ipv6_fallback Optional. Whether to return the original IPv6 address if the needed functions + * to anonymize it are not present. Default false, return `::` (unspecified address). + * @return string The anonymized IP address. + */ +function wp_privacy_anonymize_ip( $ip_addr, $ipv6_fallback = false ) { + // Detect what kind of IP address this is. + $ip_prefix = ''; + $is_ipv6 = substr_count( $ip_addr, ':' ) > 1; + $is_ipv4 = ( 3 === substr_count( $ip_addr, '.' ) ); + + if ( $is_ipv6 && $is_ipv4 ) { + // IPv6 compatibility mode, temporarily strip the IPv6 part, and treat it like IPv4. + $ip_prefix = '::ffff:'; + $ip_addr = preg_replace( '/^\[?[0-9a-f:]*:/i', '', $ip_addr ); + $ip_addr = str_replace( ']', '', $ip_addr ); + $is_ipv6 = false; + } + + if ( $is_ipv6 ) { + // IPv6 addresses will always be enclosed in [] if there's a port. + $left_bracket = strpos( $ip_addr, '[' ); + $right_bracket = strpos( $ip_addr, ']' ); + $percent = strpos( $ip_addr, '%' ); + $netmask = 'ffff:ffff:ffff:ffff:0000:0000:0000:0000'; + + // Strip the port (and [] from IPv6 addresses), if they exist. + if ( false !== $left_bracket && false !== $right_bracket ) { + $ip_addr = substr( $ip_addr, $left_bracket + 1, $right_bracket - $left_bracket - 1 ); + } elseif ( false !== $left_bracket || false !== $right_bracket ) { + // The IP has one bracket, but not both, so it's malformed. + return '::'; + } + + // Strip the reachability scope. + if ( false !== $percent ) { + $ip_addr = substr( $ip_addr, 0, $percent ); + } + + // No invalid characters should be left. + if ( preg_match( '/[^0-9a-f:]/i', $ip_addr ) ) { + return '::'; + } + + // Partially anonymize the IP by reducing it to the corresponding network ID. + if ( function_exists( 'inet_pton' ) && function_exists( 'inet_ntop' ) ) { + $ip_addr = inet_ntop( inet_pton( $ip_addr ) & inet_pton( $netmask ) ); + if ( false === $ip_addr) { + return '::'; + } + } elseif ( ! $ipv6_fallback ) { + return '::'; + } + } elseif ( $is_ipv4 ) { + // Strip any port and partially anonymize the IP. + $last_octet_position = strrpos( $ip_addr, '.' ); + $ip_addr = substr( $ip_addr, 0, $last_octet_position ) . '.0'; + } else { + return '0.0.0.0'; + } + + // Restore the IPv6 prefix to compatibility mode addresses. + return $ip_prefix . $ip_addr; +} + +/** + * Return uniform "anonymous" data by type. + * + * @since 4.9.6 + * + * @param string $type The type of data to be anonymized. + * @param string $data Optional The data to be anonymized. + * @return string The anonymous data for the requested type. + */ +function wp_privacy_anonymize_data( $type, $data = '' ) { + + switch ( $type ) { + case 'email': + $anonymous = 'deleted@site.invalid'; + break; + case 'url': + $anonymous = 'https://site.invalid'; + break; + case 'ip': + $anonymous = wp_privacy_anonymize_ip( $data ); + break; + case 'date': + $anonymous = '0000-00-00 00:00:00'; + break; + case 'text': + /* translators: deleted text */ + $anonymous = __( '[deleted]' ); + break; + case 'longtext': + /* translators: deleted long text */ + $anonymous = __( 'This content was deleted by the author.' ); + break; + default: + $anonymous = ''; + } + + /** + * Filters the anonymous data for each type. + * + * @since 4.9.6 + * + * @param string $anonymous Anonymized data. + * @param string $type Type of the data. + * @param string $data Original data. + */ + return apply_filters( 'wp_privacy_anonymize_data', $anonymous, $type, $data ); +} + +/** + * Returns the directory used to store personal data export files. + * + * @since 4.9.6 + * + * @see wp_privacy_exports_url + * + * @return string Exports directory. + */ +function wp_privacy_exports_dir() { + $upload_dir = wp_upload_dir(); + $exports_dir = trailingslashit( $upload_dir['basedir'] ) . 'wp-personal-data-exports/'; + + /** + * Filters the directory used to store personal data export files. + * + * @since 4.9.6 + * + * @param string $exports_dir Exports directory. + */ + return apply_filters( 'wp_privacy_exports_dir', $exports_dir ); +} + +/** + * Returns the URL of the directory used to store personal data export files. + * + * @since 4.9.6 + * + * @see wp_privacy_exports_dir + * + * @return string Exports directory URL. + */ +function wp_privacy_exports_url() { + $upload_dir = wp_upload_dir(); + $exports_url = trailingslashit( $upload_dir['baseurl'] ) . 'wp-personal-data-exports/'; + + /** + * Filters the URL of the directory used to store personal data export files. + * + * @since 4.9.6 + * + * @param string $exports_url Exports directory URL. + */ + return apply_filters( 'wp_privacy_exports_url', $exports_url ); +} + +/** + * Schedule a `WP_Cron` job to delete expired export files. + * + * @since 4.9.6 + */ +function wp_schedule_delete_old_privacy_export_files() { + if ( wp_installing() ) { + return; + } + + if ( ! wp_next_scheduled( 'wp_privacy_delete_old_export_files' ) ) { + wp_schedule_event( time(), 'hourly', 'wp_privacy_delete_old_export_files' ); + } +} + +/** + * Cleans up export files older than three days old. + * + * The export files are stored in `wp-content/uploads`, and are therefore publicly + * accessible. A CSPRN is appended to the filename to mitigate the risk of an + * unauthorized person downloading the file, but it is still possible. Deleting + * the file after the data subject has had a chance to delete it adds an additional + * layer of protection. + * + * @since 4.9.6 + */ +function wp_privacy_delete_old_export_files() { + require_once( ABSPATH . 'wp-admin/includes/file.php' ); + + $exports_dir = wp_privacy_exports_dir(); + $export_files = list_files( $exports_dir, 100, array( 'index.html' ) ); + + /** + * Filters the lifetime, in seconds, of a personal data export file. + * + * By default, the lifetime is 3 days. Once the file reaches that age, it will automatically + * be deleted by a cron job. + * + * @since 4.9.6 + * + * @param int $expiration The expiration age of the export, in seconds. + */ + $expiration = apply_filters( 'wp_privacy_export_expiration', 3 * DAY_IN_SECONDS ); + + foreach ( (array) $export_files as $export_file ) { + $file_age_in_seconds = time() - filemtime( $export_file ); + + if ( $expiration < $file_age_in_seconds ) { + unlink( $export_file ); + } + } +}